Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/10/01 17:36:43 UTC
[10/37] guacamole-client git commit: GUACAMOLE-220: Implement
permission inheritance within SQL queries.
GUACAMOLE-220: Implement permission inheritance within SQL queries.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/a1553979
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/a1553979
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/a1553979
Branch: refs/heads/staging/1.0.0
Commit: a1553979478bfcbd53ff28558c8e7bf2947afa46
Parents: 199f518
Author: Michael Jumper <mj...@apache.org>
Authored: Wed Apr 4 21:07:49 2018 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Wed Sep 19 23:56:51 2018 -0700
----------------------------------------------------------------------
.../modules/guacamole-auth-jdbc-base/pom.xml | 10 ++---
.../guacamole/auth/jdbc/base/EntityMapper.xml | 17 ++++++++
.../auth/jdbc/connection/ConnectionMapper.xml | 35 +++++++++++++---
.../jdbc/connection/ConnectionRecordMapper.xml | 14 ++++++-
.../connectiongroup/ConnectionGroupMapper.xml | 42 +++++++++++++++++---
.../ConnectionGroupPermissionMapper.xml | 26 +++++++++---
.../permission/ConnectionPermissionMapper.xml | 26 +++++++++---
.../SharingProfilePermissionMapper.xml | 27 ++++++++++---
.../jdbc/permission/SystemPermissionMapper.xml | 23 ++++++++---
.../jdbc/permission/UserPermissionMapper.xml | 25 +++++++++---
.../sharingprofile/SharingProfileMapper.xml | 21 ++++++++--
.../guacamole/auth/jdbc/user/UserMapper.xml | 21 ++++++++--
.../auth/jdbc/user/UserRecordMapper.xml | 7 +++-
13 files changed, 243 insertions(+), 51 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
index d99534c..ab56499 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
@@ -109,33 +109,33 @@
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
- <version>3.2.8</version>
+ <version>3.4.6</version>
</dependency>
<!-- MyBatis Guice -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-guice</artifactId>
- <version>3.6</version>
+ <version>3.10</version>
</dependency>
<!-- Guice -->
<dependency>
<groupId>com.google.inject</groupId>
<artifactId>guice</artifactId>
- <version>3.0</version>
+ <version>4.1.0</version>
</dependency>
<dependency>
<groupId>com.google.inject.extensions</groupId>
<artifactId>guice-multibindings</artifactId>
- <version>3.0</version>
+ <version>4.1.0</version>
</dependency>
<!-- Guava - Utility Library -->
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>18.0</version>
+ <version>19.0</version>
</dependency>
</dependencies>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
index f05c287..dd262d1 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
@@ -23,6 +23,23 @@
<mapper namespace="org.apache.guacamole.auth.jdbc.base.EntityMapper" >
+ <!-- Retrieves the ID of the given entity. If inheritance is enabled, the
+ IDs of the entities for all applicable user groups are retrieved, as well. -->
+ <sql id="relatedEntities">
+ <if test="!${inheritFlag}">${entityID}</if>
+ <if test="${inheritFlag}">
+ WITH RECURSIVE related_entity(entity_id) AS (
+ VALUES (${entityID})
+ UNION
+ SELECT guacamole_user_group.entity_id
+ FROM related_entity
+ JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id
+ JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
+ )
+ SELECT entity_id FROM related_entity
+ </if>
+ </sql>
+
<!-- Insert single entity -->
<insert id="insert" useGeneratedKeys="true" keyProperty="entity.entityID"
parameterType="org.apache.guacamole.auth.jdbc.base.EntityModel">
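Review bot: The comment on `relatedEntities` should say that `${inheritFlag}` and `${entityID}` are filled in from the `<property>` children of each `<include>`, and that `entityID` must always be passed as a bound `#{...}` expression. `${...}` is textual substitution, so a literal or request-derived string would put unparameterised text into a query that decides permissions; as far as I know, the same happens if a caller omits the property and MyBatis leaves the placeholder for runtime substitution. Suggested addition to the comment: `Callers must supply "entityID" as a #{...} bound parameter and "inheritFlag" as an OGNL boolean expression; neither may carry untrusted text.` The `<insert id="insert">` after the fragment is context only and continues outside the hunk.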
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
index c238c78..94855e1 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
@@ -68,7 +68,12 @@
SELECT connection_id
FROM guacamole_connection_permission
WHERE
- entity_id = #{user.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
</select>
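Review bot: `SELECT connection_id` can now return the same ID more than once, because a connection readable both directly and through one or more groups matches several permission rows once `entity_id IN (...)` replaces the equality test. `SELECT DISTINCT connection_id` keeps the result a set regardless of how the Java side collects it. The same applies to the other non-grouped queries in this file (the `@@ -165,7 +175,12 @@` query already has a `GROUP BY`) and to the matching hunks in ConnectionGroupMapper.xml, SharingProfileMapper.xml and UserMapper.xml. Most of those statements start outside their hunks, so their select lists should be checked against the full files.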
@@ -89,7 +94,12 @@
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
</select>
@@ -165,7 +175,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND guacamole_connection_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND guacamole_connection_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
GROUP BY guacamole_connection.connection_id;
@@ -177,7 +192,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
SELECT
@@ -191,7 +211,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
</select>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
index b4407bd..b04c9ca 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
@@ -166,13 +166,23 @@
<!-- Restrict to readable connections -->
JOIN guacamole_connection_permission ON
guacamole_connection_history.connection_id = guacamole_connection_permission.connection_id
- AND guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+ AND guacamole_connection_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND guacamole_connection_permission.permission = 'READ'
<!-- Restrict to readable users -->
JOIN guacamole_user_permission ON
guacamole_connection_history.user_id = guacamole_user_permission.affected_user_id
- AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+ AND guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND guacamole_user_permission.permission = 'READ'
<!-- Search terms -->
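Review bot: Both permission joins can now multiply history rows: with `entity_id IN (...)`, a connection or user that is readable through the user's own entity and also through a group matches the `JOIN` once per granting entity, so one history record can come back several times. Expressing the restriction as a filter rather than a join avoids the fan-out, for example `guacamole_connection_history.connection_id IN (SELECT connection_id FROM guacamole_connection_permission WHERE entity_id IN (...) AND permission = 'READ')`. The statement's select list and any `DISTINCT` or `GROUP BY` are outside the hunk, so this needs confirming against the full query. The `guacamole_user_permission` join in UserRecordMapper.xml has the same shape.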
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
index 7e0b188..ffca72d 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
@@ -69,7 +69,12 @@
SELECT connection_group_id
FROM guacamole_connection_group_permission
WHERE
- entity_id = #{user.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
</select>
@@ -90,7 +95,12 @@
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
</select>
@@ -161,7 +171,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
SELECT parent_id, guacamole_connection_group.connection_group_id
@@ -172,7 +187,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
SELECT parent_id, guacamole_connection.connection_id
@@ -183,7 +203,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
SELECT
@@ -197,7 +222,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
</select>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
index c8ec936..a21b7d5 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
@@ -35,11 +35,17 @@
<select id="select" resultMap="ConnectionGroupPermissionResultMap">
SELECT
- entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_group_id
FROM guacamole_connection_group_permission
- WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
+ WHERE
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
</select>
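Review bot: `select` here, and `selectOne` in the next hunk, have no `DISTINCT`, so a permission granted both directly and through a group comes back as identical rows now that the select list returns the constant `#{entity.entityID,jdbcType=INTEGER} AS entity_id`. This matters most for `selectOne`: if the mapper method returns a single model, MyBatis rejects a multi-row result, so a check on a doubly-granted permission could fail with an error instead of returning the permission. SystemPermissionMapper.xml in this commit already switches to `SELECT DISTINCT`. I would make the same change to `select` and `selectOne` here and in ConnectionPermissionMapper.xml, SharingProfilePermissionMapper.xml and UserPermissionMapper.xml.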
@@ -47,12 +53,17 @@
<select id="selectOne" resultMap="ConnectionGroupPermissionResultMap">
SELECT
- entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_group_id
FROM guacamole_connection_group_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +75,12 @@
SELECT DISTINCT connection_group_id
FROM guacamole_connection_group_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
index 99eed28..5d911de 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
@@ -35,11 +35,17 @@
<select id="select" resultMap="ConnectionPermissionResultMap">
SELECT
- entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_id
FROM guacamole_connection_permission
- WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
+ WHERE
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
</select>
@@ -47,12 +53,17 @@
<select id="selectOne" resultMap="ConnectionPermissionResultMap">
SELECT
- entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_id
FROM guacamole_connection_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +75,12 @@
SELECT DISTINCT connection_id
FROM guacamole_connection_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
index 73d0ad4..68b3032 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
@@ -35,11 +35,18 @@
<select id="select" resultMap="SharingProfilePermissionResultMap">
SELECT
- entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
sharing_profile_id
FROM guacamole_sharing_profile_permission
- WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
+ WHERE
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
+
</select>
@@ -47,12 +54,17 @@
<select id="selectOne" resultMap="SharingProfilePermissionResultMap">
SELECT
- entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +76,12 @@
SELECT DISTINCT sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
index 5e75891..25ebf97 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
@@ -33,23 +33,34 @@
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="SystemPermissionResultMap">
- SELECT
- entity_id,
+ SELECT DISTINCT
+ #{entity.entityID} AS entity_id,
permission
FROM guacamole_system_permission
- WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
+ WHERE
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SystemPermissionResultMap">
- SELECT
- entity_id,
+ SELECT DISTINCT
+ #{entity.entityID} AS entity_id,
permission
FROM guacamole_system_permission
WHERE
- entity_id = #{entity.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type
</select>
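Review bot: `#{entity.entityID} AS entity_id` in both statements drops the `jdbcType=INTEGER` that every other use of this parameter in the commit carries, including the `<property name="entityID" .../>` a few lines below it. Write it as `#{entity.entityID,jdbcType=INTEGER} AS entity_id` so the value is bound the same way in the select list and in the filter, and so a null would be bound with a known type.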
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
index d6680ea..e5a844a 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
@@ -35,14 +35,19 @@
<select id="select" resultMap="UserPermissionResultMap">
SELECT
- guacamole_user_permission.entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM guacamole_user_permission
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
- guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER}
+ guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND affected_entity.type = 'USER'::guacamole_entity_type
</select>
@@ -51,14 +56,19 @@
<select id="selectOne" resultMap="UserPermissionResultMap">
SELECT
- guacamole_user_permission.entity_id,
+ #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM guacamole_user_permission
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
- guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER}
+ guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER'::guacamole_entity_type
@@ -73,7 +83,12 @@
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
- guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER}
+ guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="inherit"/>
+ <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
index 66bd701..febf540 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
@@ -52,7 +52,12 @@
SELECT sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
- entity_id = #{user.entityID,jdbcType=INTEGER}
+ entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
</select>
@@ -99,7 +104,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
SELECT
@@ -113,7 +123,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
- AND entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
</select>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
index 796962d..654351f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
@@ -70,7 +70,12 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
WHERE
- guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
+ guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND permission = 'READ'
</select>
@@ -158,7 +163,12 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
- AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ'
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
@@ -176,7 +186,12 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
- AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
+ AND guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND permission = 'READ';
</select>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/a1553979/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
index 20cb2a8..862e2d7 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
@@ -156,7 +156,12 @@
<!-- Restrict to readable users -->
JOIN guacamole_user_permission ON
guacamole_user_history.user_id = guacamole_user_permission.affected_user_id
- AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+ AND guacamole_user_permission.entity_id IN (
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
+ <property name="inheritFlag" value="true"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ </include>
+ )
AND guacamole_user_permission.permission = 'READ'
<!-- Search terms -->