You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@guacamole.apache.org by mike-jumper <gi...@git.apache.org> on 2016/07/12 22:07:15 UTC
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
GitHub user mike-jumper opened a pull request:
https://github.com/apache/incubator-guacamole-client/pull/26
GUACAMOLE-5: Refactor /api/data/... REST services into resources
The REST API changes required for the interface side of screen sharing require exposing additional resources beneath the existing `TunnelRESTService`, but this is inconvenient due to the structure of the REST services within Guacamole in general. Each such REST service re-implements the same lookup logic for every single subresource, and there is little potential for reuse among services that might need to return resources of a common type.
This enormous change refactors the main REST services under `/api/data` as resources, with the root `/api/data` being the only remaining REST service: `SessionDataRESTService`.
Beneath that, each `UserContext` applying to the user's session is exposed via a `UserContextResource`, which contains resources for each directory within the `UserContext`, which contain resources for each object within the directory, etc.
Common base classes have been used where possible, so the universal add/update/remove operations which apply to `Directory` need not be re-implemented across all resources which expose a `Directory`, though there are still cases where such operations are overridden to enforce additional semantics (such as denying access to editing your own user account).
Each new resource is split across a dedicated module which loads the required injections, an optional `DirectoryResource` implementation which exposes the related `Directory` (if the base class is insufficient), a `DirectoryObjectResource` implementation which exposes the objects themselves (always required as assisted injection cannot handle the additional generically-typed parameter for the corresponding factory `create()` method), and a `DirectoryObjectTranslator` implementation which translates between the internal and external versions of an object. The various types of resources are all created with factories, the implementations of which are generated dynamically by Guice's assisted injection extension.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/incubator-guacamole-client subresources
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-guacamole-client/pull/26.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #26
----
commit d3a9cecb17f12903141a616bf051cf832b06fb69
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T06:44:56Z
GUACAMOLE-5: Define base classes for REST API subresource locators.
commit e579eae95cd93bf1defb8f64d8990a2d31e5331f
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T07:15:18Z
GUACAMOLE-5: Add root-level resources exposing UserContexts.
commit f440f558230e474032948f52f04f17bf4f17192a
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T07:20:36Z
GUACAMOLE-5: Validate that data was provided when creating/updating resources.
commit bca4e34b512e5b3935ffd41c94d14b95100d898c
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T07:31:52Z
GUACAMOLE-5: Provide UserContext to DirectoryObjectResourceFactory, in case needed by a particular resource (such as for additional permission checks).
commit 06b7887807d15b253ec8e1198e2cf865660402c1
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T07:49:46Z
GUACAMOLE-5: Replace ConnectionRESTService with new resource-driven implementation.
commit 71c2b4e4d4c274f5ef1fe2d3f5ecfcd40639de3a
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T18:41:59Z
GUACAMOLE-5: Replace ConnectionGroupRESTService with new resource-driven implementation.
commit 61d581ef0dced3ec1bf13d15de26a1980cc30413
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T19:25:24Z
GUACAMOLE-5: Replace ActiveConnectionRESTService with new resource-driven implementation.
commit 4430bd5a49a625632cd20971454e4fd603e4b0b4
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T20:01:42Z
GUACAMOLE-5: Replace UserRESTService with new resource-driven implementation.
commit c85ce75eb9fad0e18000496690e60314180df22c
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T20:19:19Z
GUACAMOLE-5: Move permission management to own resource.
commit 26ec6d1e322ee890da183ac8d0c9b71756c4538c
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T20:22:10Z
GUACAMOLE-5: Ensure random password is generated for new users (if not otherwise specified).
commit a8f407ccdfcfbc768f0eca6c71a33e0cb1ad6c5e
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T20:43:37Z
GUACAMOLE-5: Refactor HistoryRESTService as a resource.
commit a0a72e6a2c8b106eb277a79014c08ba4faaf5e0d
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T21:00:17Z
GUACAMOLE-5: Expose UserContext schema as a resource, not a separate REST service. Refactor URLs accordingly.
commit 3b2e1ee7fd3a1890ac3d583492103e3da350cdb9
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T21:02:34Z
GUACAMOLE-5: Rename SessionResource to SessionDataRESTService for consistency.
commit e20ba39c8b2be0f5de34be56d462c5d297e2e5e5
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T21:12:11Z
GUACAMOLE-5: Remove unneeded functions from ObjectRetrievalService.
commit b17d264201eedb5f7977444bb37c8c4d6e0c0433
Author: Michael Jumper <mj...@apache.org>
Date: 2016-07-12T21:47:47Z
GUACAMOLE-5: Take superclass into account when determining whether a method is a REST method.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/incubator-guacamole-client/pull/26
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by jmuehlner <gi...@git.apache.org>.
Github user jmuehlner commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70559307
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java ---
@@ -0,0 +1,265 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest.directory;
+
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleClientException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleResourceNotFoundException;
+import org.apache.guacamole.GuacamoleUnsupportedException;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Identifiable;
+import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermission;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
+import org.apache.guacamole.rest.APIPatch;
+import org.apache.guacamole.rest.PATCH;
+
+/**
+ * A REST resource which abstracts the operations available on all Guacamole
+ * Directory implementations, such as the creation of new objects, or listing
+ * of existing objects. A DirectoryResource functions as the parent of any
+ * number of child DirectoryObjectResources, which are created with the factory
+ * provided at the time of this object's construction.
+ *
+ * @author Michael Jumper
+ * @param <InternalType>
+ * The type of object contained within the Directory that this
+ * DirectoryResource exposes. To avoid coupling the REST API too tightly to
+ * the extension API, these objects are not directly serialized or
+ * deserialized when handling REST requests.
+ *
+ * @param <ExternalType>
+ * The type of object used in interchange (ie: serialized/deserialized as
+ * JSON) between REST clients and this DirectoryResource when representing
+ * the InternalType.
+ */
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class DirectoryResource<InternalType extends Identifiable, ExternalType> {
+
+ /**
+ * The UserContext associated with the Directory being exposed by this
+ * DirectoryResource.
+ */
+ private final UserContext userContext;
+
+ /**
+ * The Directory being exposed by this DirectoryResource.
+ */
+ private final Directory<InternalType> directory;
+
+ /**
+ * A DirectoryObjectTranslator implementation which handles the type of
+ * objects contained within the Directory exposed by this DirectoryResource.
+ */
+ private final DirectoryObjectTranslator<InternalType, ExternalType> translator;
+
+ /**
+ * A factory which can be used to create instances of resources representing
+ * individual objects contained within the Directory exposed by this
+ * DirectoryResource.
+ */
+ private final DirectoryObjectResourceFactory<InternalType, ExternalType> resourceFactory;
+
+ /**
+ * Creates a new DirectoryResource which exposes the operations available
+ * for the given Directory.
+ *
+ * @param userContext
+ * The UserContext associated with the given Directory.
+ *
+ * @param directory
+ * The Directory being exposed by this DirectoryResource.
+ *
+ * @param translator
+ * A DirectoryObjectTranslator implementation which handles the type of
+ * objects contained within the given Directory.
+ *
+ * @param resourceFactory
+ * A factory which can be used to create instances of resources
+ * representing individual objects contained within the given Directory.
+ */
+ @AssistedInject
+ public DirectoryResource(@Assisted UserContext userContext,
+ @Assisted Directory<InternalType> directory,
+ DirectoryObjectTranslator<InternalType, ExternalType> translator,
+ DirectoryObjectResourceFactory<InternalType, ExternalType> resourceFactory) {
+ this.userContext = userContext;
+ this.directory = directory;
+ this.translator = translator;
+ this.resourceFactory = resourceFactory;
+ }
+
+ /**
+ * Returns a map of all objects available within this DirectoryResource,
+ * filtering the returned map by the given permission, if specified.
+ *
+ * @param permissions
+ * The set of permissions to filter with. A user must have one or more
+ * of these permissions for a user to appear in the result.
--- End diff --
"for a user to appear"?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by jmuehlner <gi...@git.apache.org>.
Github user jmuehlner commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70556797
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/ObjectRetrievalService.java ---
@@ -23,19 +23,11 @@
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleResourceNotFoundException;
import org.apache.guacamole.net.auth.AuthenticationProvider;
-import org.apache.guacamole.net.auth.Connection;
-import org.apache.guacamole.net.auth.ConnectionGroup;
-import org.apache.guacamole.net.auth.Directory;
-import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.GuacamoleSession;
-import org.apache.guacamole.rest.connectiongroup.APIConnectionGroup;
/**
- * Provides easy access and automatic error handling for retrieval of objects,
- * such as users, connections, or connection groups. REST API semantics, such
- * as the special root connection group identifier, are also handled
- * automatically.
+ * Provides easy access and automatic error handling for retrieval of objects.
--- End diff --
Should this even be called ObjectRetrievalService anymore? All it does is get userContexts out of the session at this point.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by mike-jumper <gi...@git.apache.org>.
Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70564485
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionResource.java ---
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest.activeconnection;
+
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.net.auth.ActiveConnection;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.rest.directory.DirectoryObjectResource;
+import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
+
+/**
+ * A REST resource which abstracts the operations available on an existing
+ * ActiveConnection.
+ *
+ * @author Michael Jumper
+ */
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class ActiveConnectionResource
+ extends DirectoryObjectResource<ActiveConnection, APIActiveConnection> {
+
+ /**
+ * Creates a new ActiveConnectionResource which exposes the operations and
+ * subresources available for the given ActiveConnection.
+ *
+ * @param userContext
+ * The UserContext associated with the given Directory.
+ *
+ * @param directory
+ * The Directory which contains the given ActiveConnection.
+ *
+ * @param connection
+ * The ActiveConnection that this ActiveConnectionResource should
+ * represent.
+ *
+ * @param translator
+ * A DirectoryObjectTranslator implementation which handles
+ * ActiveConnections.
+ */
+ @AssistedInject
+ public ActiveConnectionResource(@Assisted UserContext userContext,
--- End diff --
It's required by Guice's assisted injection. If the parameter is missing, it can't figure out how to map the factory's `create()` function.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by mike-jumper <gi...@git.apache.org>.
Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70557143
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/ObjectRetrievalService.java ---
@@ -23,19 +23,11 @@
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleResourceNotFoundException;
import org.apache.guacamole.net.auth.AuthenticationProvider;
-import org.apache.guacamole.net.auth.Connection;
-import org.apache.guacamole.net.auth.ConnectionGroup;
-import org.apache.guacamole.net.auth.Directory;
-import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.GuacamoleSession;
-import org.apache.guacamole.rest.connectiongroup.APIConnectionGroup;
/**
- * Provides easy access and automatic error handling for retrieval of objects,
- * such as users, connections, or connection groups. REST API semantics, such
- * as the special root connection group identifier, are also handled
- * automatically.
+ * Provides easy access and automatic error handling for retrieval of objects.
--- End diff --
I think I can get rid of this entirely, actually ...
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by jmuehlner <gi...@git.apache.org>.
Github user jmuehlner commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70557739
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionResource.java ---
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest.activeconnection;
+
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.net.auth.ActiveConnection;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.rest.directory.DirectoryObjectResource;
+import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
+
+/**
+ * A REST resource which abstracts the operations available on an existing
+ * ActiveConnection.
+ *
+ * @author Michael Jumper
+ */
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class ActiveConnectionResource
+ extends DirectoryObjectResource<ActiveConnection, APIActiveConnection> {
+
+ /**
+ * Creates a new ActiveConnectionResource which exposes the operations and
+ * subresources available for the given ActiveConnection.
+ *
+ * @param userContext
+ * The UserContext associated with the given Directory.
+ *
+ * @param directory
+ * The Directory which contains the given ActiveConnection.
+ *
+ * @param connection
+ * The ActiveConnection that this ActiveConnectionResource should
+ * represent.
+ *
+ * @param translator
+ * A DirectoryObjectTranslator implementation which handles
+ * ActiveConnections.
+ */
+ @AssistedInject
+ public ActiveConnectionResource(@Assisted UserContext userContext,
--- End diff --
Where is the userContext parameter used?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by jmuehlner <gi...@git.apache.org>.
Github user jmuehlner commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70560762
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java ---
@@ -0,0 +1,195 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest.user;
+
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
+import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
+import org.apache.guacamole.rest.directory.DirectoryObjectResource;
+import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
+import org.apache.guacamole.rest.permission.PermissionSetResource;
+
+/**
+ * A REST resource which abstracts the operations available on an existing
+ * User.
+ *
+ * @author Michael Jumper
+ */
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class UserResource
+ extends DirectoryObjectResource<User, APIUser> {
+
+ /**
+ * The prefix of any path within an operation of a JSON patch which
+ * modifies the permissions of a user regarding a specific connection.
+ */
+ private static final String CONNECTION_PERMISSION_PATCH_PATH_PREFIX = "/connectionPermissions/";
--- End diff --
What are all these constants for?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
[GitHub] incubator-guacamole-client pull request #26: GUACAMOLE-5: Refactor /api/data...
Posted by jmuehlner <gi...@git.apache.org>.
Github user jmuehlner commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/26#discussion_r70559396
--- Diff: guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java ---
@@ -0,0 +1,265 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.rest.directory;
+
+import com.google.inject.assistedinject.Assisted;
+import com.google.inject.assistedinject.AssistedInject;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleClientException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleResourceNotFoundException;
+import org.apache.guacamole.GuacamoleUnsupportedException;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Identifiable;
+import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermission;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
+import org.apache.guacamole.rest.APIPatch;
+import org.apache.guacamole.rest.PATCH;
+
+/**
+ * A REST resource which abstracts the operations available on all Guacamole
+ * Directory implementations, such as the creation of new objects, or listing
+ * of existing objects. A DirectoryResource functions as the parent of any
+ * number of child DirectoryObjectResources, which are created with the factory
+ * provided at the time of this object's construction.
+ *
+ * @author Michael Jumper
+ * @param <InternalType>
+ * The type of object contained within the Directory that this
+ * DirectoryResource exposes. To avoid coupling the REST API too tightly to
+ * the extension API, these objects are not directly serialized or
+ * deserialized when handling REST requests.
+ *
+ * @param <ExternalType>
+ * The type of object used in interchange (ie: serialized/deserialized as
+ * JSON) between REST clients and this DirectoryResource when representing
+ * the InternalType.
+ */
+@Produces(MediaType.APPLICATION_JSON)
+@Consumes(MediaType.APPLICATION_JSON)
+public class DirectoryResource<InternalType extends Identifiable, ExternalType> {
+
+ /**
+ * The UserContext associated with the Directory being exposed by this
+ * DirectoryResource.
+ */
+ private final UserContext userContext;
+
+ /**
+ * The Directory being exposed by this DirectoryResource.
+ */
+ private final Directory<InternalType> directory;
+
+ /**
+ * A DirectoryObjectTranslator implementation which handles the type of
+ * objects contained within the Directory exposed by this DirectoryResource.
+ */
+ private final DirectoryObjectTranslator<InternalType, ExternalType> translator;
+
+ /**
+ * A factory which can be used to create instances of resources representing
+ * individual objects contained within the Directory exposed by this
+ * DirectoryResource.
+ */
+ private final DirectoryObjectResourceFactory<InternalType, ExternalType> resourceFactory;
+
+ /**
+ * Creates a new DirectoryResource which exposes the operations available
+ * for the given Directory.
+ *
+ * @param userContext
+ * The UserContext associated with the given Directory.
+ *
+ * @param directory
+ * The Directory being exposed by this DirectoryResource.
+ *
+ * @param translator
+ * A DirectoryObjectTranslator implementation which handles the type of
+ * objects contained within the given Directory.
+ *
+ * @param resourceFactory
+ * A factory which can be used to create instances of resources
+ * representing individual objects contained within the given Directory.
+ */
+ @AssistedInject
+ public DirectoryResource(@Assisted UserContext userContext,
+ @Assisted Directory<InternalType> directory,
+ DirectoryObjectTranslator<InternalType, ExternalType> translator,
+ DirectoryObjectResourceFactory<InternalType, ExternalType> resourceFactory) {
+ this.userContext = userContext;
+ this.directory = directory;
+ this.translator = translator;
+ this.resourceFactory = resourceFactory;
+ }
+
+ /**
+ * Returns a map of all objects available within this DirectoryResource,
+ * filtering the returned map by the given permission, if specified.
+ *
+ * @param permissions
+ * The set of permissions to filter with. A user must have one or more
+ * of these permissions for a user to appear in the result.
+ * If null, no filtering will be performed.
+ *
+ * @return
+ * A map of all visible objects. If a permission was specified, this
+ * map will contain only those objects for which the current user has
+ * that permission.
+ *
+ * @throws GuacamoleException
+ * If an error is encountered while retrieving the objects.
+ */
+ @GET
+ public Map<String, ExternalType> getObjects(
+ @QueryParam("permission") List<ObjectPermission.Type> permissions)
+ throws GuacamoleException {
+
+ // An admin user has access to all objects
+ User self = userContext.self();
+ SystemPermissionSet systemPermissions = self.getSystemPermissions();
+ boolean isAdmin = systemPermissions.hasPermission(SystemPermission.Type.ADMINISTER);
+
+ // Filter objects, if requested
+ Collection<String> identifiers = directory.getIdentifiers();
+ if (!isAdmin && permissions != null && !permissions.isEmpty()) {
+ ObjectPermissionSet objectPermissions = self.getUserPermissions();
+ identifiers = objectPermissions.getAccessibleObjects(permissions, identifiers);
+ }
+
+ Map<String, ExternalType> apiObjects = new HashMap<String, ExternalType>();
--- End diff --
For consistency, should maybe comment this section too?
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---