Posted to dev@guacamole.apache.org by GitBox <gi...@apache.org> on 2019/03/02 15:06:10 UTC

[GitHub] necouchman edited a comment on issue #381: GUACAMOLE-696: In JDBC module, merge effective groups

necouchman edited a comment on issue #381: GUACAMOLE-696: In JDBC module, merge effective groups
URL: https://github.com/apache/guacamole-client/pull/381#issuecomment-468928439
 
 
   > From what I can tell, retrieval of effective user groups is already guaranteed to produce a set of distinct user groups (no duplicates) as it returns a Set<String>...Is this not the case?
   
   Yes, this is the case; however, the behavior that GUACAMOLE-696 deals with is the following:
   - User is defined in JDBC module.
   - User is member of groups in JDBC module.
   - Groups in JDBC module are assigned permissions to connections, system, etc.
   - User with matching username authenticates with LDAP.
   - Permissions assigned to the JDBC group are not applied, because no matching group is found in LDAP, and the user did not authenticate through the JDBC module.
   
   What this change does (I think?) is to combine the user groups returned for a user, whether they authenticate through the JDBC module or not, by pulling both the groups for the `AuthenticatedUser` (may or may not be JDBC user) and the `ModeledUser` object (from the database, matching the name of the logged-in user) so that permissions apply to the user from group membership, regardless of whether the user logged in with the JDBC module.
   
   If there's a different/better way I should do this, I'm open to it - this just seems to work and is pretty minimal in terms of changes to accomplish it.

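The scenario listed in the comment above, modelled as an added example that is not part of the original message and is not Guacamole's own code: it resolves permissions once from the authenticating provider's groups alone and once from the merged set. All class, method, group and permission names are hypothetical, and the sample data is constructed.

```java
import java.util.*;

// Added illustration; names are hypothetical and do not reflect Guacamole's API.
public class EffectiveGroupMerge {

    // Constructed sample data standing in for the JDBC database.
    static final Map<String, Set<String>> DB_MEMBERSHIPS =
            Map.of("alice", Set.of("db-admins"));
    static final Map<String, Set<String>> DB_GROUP_PERMISSIONS =
            Map.of("db-admins", Set.of("READ:connection-1", "ADMINISTER:system"));

    // Before the change: only the groups reported by the authenticating
    // provider (here LDAP) are considered.
    static Set<String> groupsFromAuthenticatedUserOnly(Set<String> authGroups) {
        return new TreeSet<>(authGroups);
    }

    // After the change: union of the authenticating provider's groups and the
    // database memberships of the database user with the same username.
    static Set<String> mergedGroups(String username, Set<String> authGroups) {
        Set<String> merged = new TreeSet<>(authGroups);
        merged.addAll(DB_MEMBERSHIPS.getOrDefault(username, Set.of()));
        return merged;
    }

    // Permissions are granted only through groups that exist in the database.
    static Set<String> permissionsFor(Set<String> effectiveGroups) {
        Set<String> permissions = new TreeSet<>();
        for (String group : effectiveGroups)
            permissions.addAll(DB_GROUP_PERMISSIONS.getOrDefault(group, Set.of()));
        return permissions;
    }

    public static void main(String[] args) {
        // "alice" authenticated through LDAP, which reported one group that
        // has no counterpart in the database.
        Set<String> ldapGroups = Set.of("ldap-staff");

        System.out.println("before: " + permissionsFor(groupsFromAuthenticatedUserOnly(ldapGroups)));
        System.out.println("after:  " + permissionsFor(mergedGroups("alice", ldapGroups)));
        // A username with no database record gains nothing from the merge.
        System.out.println("other:  " + permissionsFor(mergedGroups("bob", ldapGroups)));
    }
}
```

In this model the only link between the LDAP identity and the database memberships is the username string, which is the matching the comment describes.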