Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/10/01 18:08:03 UTC
[02/38] guacamole-client git commit: GUACAMOLE-220: Refactor handling
of JDBC permissions to abstract away users vs. user groups.
GUACAMOLE-220: Refactor handling of JDBC permissions to abstract away users vs. user groups.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/69f58c8c
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/69f58c8c
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/69f58c8c
Branch: refs/heads/master
Commit: 69f58c8ca314c44822e0eaab354b5f722a01ac89
Parents: 14d10fb
Author: Michael Jumper <mj...@apache.org>
Authored: Sat Apr 7 19:10:38 2018 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Wed Sep 19 23:56:51 2018 -0700
----------------------------------------------------------------------
.../jdbc/JDBCAuthenticationProviderModule.java | 2 +
.../ActiveConnectionPermissionService.java | 37 +--
.../guacamole/auth/jdbc/base/EntityMapper.java | 22 ++
.../guacamole/auth/jdbc/base/EntityService.java | 65 +++++
.../auth/jdbc/base/ModeledPermissions.java | 266 +++++++++++++++++++
.../permission/AbstractPermissionService.java | 59 +++-
.../ConnectionGroupPermissionService.java | 11 +-
.../permission/ConnectionPermissionService.java | 11 +-
.../ModeledObjectPermissionService.java | 68 ++---
.../permission/ModeledPermissionService.java | 37 +--
.../permission/ObjectPermissionService.java | 37 +--
.../jdbc/permission/ObjectPermissionSet.java | 42 +--
.../auth/jdbc/permission/PermissionService.java | 66 ++---
.../SharingProfilePermissionService.java | 11 +-
.../permission/SystemPermissionService.java | 42 +--
.../jdbc/permission/SystemPermissionSet.java | 40 +--
.../jdbc/permission/UserPermissionService.java | 11 +-
.../guacamole/auth/jdbc/user/ModeledUser.java | 191 +------------
.../guacamole/auth/jdbc/user/UserMapper.java | 22 --
.../guacamole/auth/jdbc/user/UserService.java | 28 --
.../guacamole/auth/jdbc/base/EntityMapper.xml | 38 +++
.../guacamole/auth/jdbc/user/UserMapper.xml | 38 ---
22 files changed, 673 insertions(+), 471 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 17dfc5d..48c95c7 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -60,6 +60,7 @@ import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissio
import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionService;
import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection;
import org.apache.guacamole.auth.jdbc.base.EntityMapper;
+import org.apache.guacamole.auth.jdbc.base.EntityService;
import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper;
import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService;
@@ -161,6 +162,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
bind(ConnectionPermissionService.class);
bind(ConnectionSharingService.class);
bind(ConnectionService.class);
+ bind(EntityService.class);
bind(GuacamoleTunnelService.class).to(RestrictedGuacamoleTunnelService.class);
bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
bind(PasswordPolicyService.class);
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
index a0511b8..e7cbd5d 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
@@ -27,12 +27,13 @@ import java.util.HashSet;
import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.permission.AbstractPermissionService;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionService;
import org.apache.guacamole.auth.jdbc.tunnel.ActiveConnectionRecord;
import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -58,12 +59,13 @@ public class ActiveConnectionPermissionService
@Override
public boolean hasPermission(ModeledAuthenticatedUser user,
- ModeledUser targetUser, ObjectPermission.Type type,
- String identifier, Set<String> effectiveGroups) throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ ObjectPermission.Type type, String identifier,
+ Set<String> effectiveGroups) throws GuacamoleException {
// Retrieve permissions
Set<ObjectPermission> permissions = retrievePermissions(user,
- targetUser, effectiveGroups);
+ targetEntity, effectiveGroups);
// Permission is granted if retrieved permissions contains the
// requested permission
@@ -74,14 +76,14 @@ public class ActiveConnectionPermissionService
@Override
public Set<ObjectPermission> retrievePermissions(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
// Retrieve permissions only if allowed
- if (canReadPermissions(user, targetUser)) {
+ if (canReadPermissions(user, targetEntity)) {
// Only administrators may access active connections
- boolean isAdmin = targetUser.isAdministrator();
+ boolean isAdmin = targetEntity.isAdministrator();
// Get all active connections
Collection<ActiveConnectionRecord> records = tunnelService.getActiveConnections(user);
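Review bot: The administrator decision at `boolean isAdmin = targetEntity.isAdministrator();` is derived from the target entity's own effective permissions (`ModeledPermissions.isAdministrator()` calls `getEffective()`) and does not consult the `effectiveGroups` argument passed to `retrievePermissions`, at least in the lines visible here. Now that `targetEntity` may be a user group as well as a user, a comment should state which group set governs the check, e.g. `// Admin status comes from targetEntity.getEffective(); the effectiveGroups argument is not consulted here`. The method body continues outside the hunk, so confirm whether `effectiveGroups` is used further down.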
@@ -110,11 +112,12 @@ public class ActiveConnectionPermissionService
@Override
public Collection<String> retrieveAccessibleIdentifiers(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Collection<ObjectPermission.Type> permissionTypes,
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<ObjectPermission.Type> permissionTypes,
Collection<String> identifiers, Set<String> effectiveGroups)
throws GuacamoleException {
- Set<ObjectPermission> permissions = retrievePermissions(user, targetUser, effectiveGroups);
+ Set<ObjectPermission> permissions = retrievePermissions(user, targetEntity, effectiveGroups);
Collection<String> accessibleObjects = new ArrayList<String>(permissions.size());
// For each identifier/permission combination
@@ -137,12 +140,12 @@ public class ActiveConnectionPermissionService
@Override
public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
- // Create permission set for requested user
+ // Create permission set for requested entity
ActiveConnectionPermissionSet permissionSet = activeConnectionPermissionSetProvider.get();
- permissionSet.init(user, targetUser, effectiveGroups);
+ permissionSet.init(user, targetEntity, effectiveGroups);
return permissionSet;
@@ -150,7 +153,8 @@ public class ActiveConnectionPermissionService
@Override
public void createPermissions(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Collection<ObjectPermission> permissions)
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<ObjectPermission> permissions)
throws GuacamoleException {
// Creating active connection permissions is not implemented
@@ -160,7 +164,8 @@ public class ActiveConnectionPermissionService
@Override
public void deletePermissions(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Collection<ObjectPermission> permissions)
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<ObjectPermission> permissions)
throws GuacamoleException {
// Deleting active connection permissions is not implemented
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java
index 14657ce..31efad5 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityMapper.java
@@ -19,6 +19,8 @@
package org.apache.guacamole.auth.jdbc.base;
+import java.util.Collection;
+import java.util.Set;
import org.apache.ibatis.annotations.Param;
/**
@@ -40,4 +42,24 @@ public interface EntityMapper {
*/
int insert(@Param("entity") EntityModel entity);
+ /**
+ * Returns the set of all group identifiers of which the given entity is a
+ * member, taking into account the given collection of known group
+ * memberships which are not necessarily defined within the database.
+ *
+ * @param entity
+ * The entity whose effective groups should be returned.
+ *
+ * @param effectiveGroups
+ * The identifiers of any known effective groups that should be taken
+ * into account, such as those defined externally to the database.
+ *
+ * @return
+ * The set of identifiers of all groups that the given entity is a
+ * member of, including those where membership is inherited through
+ * membership in other groups.
+ */
+ Set<String> selectEffectiveGroupIdentifiers(@Param("entity") EntityModel entity,
+ @Param("effectiveGroups") Collection<String> effectiveGroups);
+
}
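Review bot: The Javadoc for `selectEffectiveGroupIdentifiers` does not say whether `effectiveGroups` may be empty, yet `ModeledPermissions.getEffectiveUserGroups()` in this commit passes `Collections.<String>emptySet()`. The backing statement in EntityMapper.xml is not visible here; if it expands the collection into an `IN (...)` list, the empty case needs explicit handling. The identifiers may originate from an external authentication system, so they should be bound as parameters rather than substituted as text. Suggest adding `May be empty, but must not be null.` to the `@param effectiveGroups` description once the mapper is confirmed to handle it.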
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java
new file mode 100644
index 0000000..fa71fee
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityService.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.base;
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Set;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating entities.
+ */
+public class EntityService {
+
+ /**
+ * Mapper for Entity model objects.
+ */
+ @Inject
+ private EntityMapper entityMapper;
+
+ /**
+ * Returns the set of all group identifiers of which the given entity is a
+ * member, taking into account the given collection of known group
+ * memberships which are not necessarily defined within the database.
+ *
+ * Note that group visibility with respect to the queried entity is NOT
+ * taken into account. If the entity is a member of a group, the identifier
+ * of that group will be included in the returned set even if the current
+ * user lacks "READ" permission for that group.
+ *
+ * @param entity
+ * The entity whose effective groups should be returned.
+ *
+ * @param effectiveGroups
+ * The identifiers of any known effective groups that should be taken
+ * into account, such as those defined externally to the database.
+ *
+ * @return
+ * The set of identifiers of all groups that the given entity is a
+ * member of, including those where membership is inherited through
+ * membership in other groups.
+ */
+ public Set<String> retrieveEffectiveGroups(ModeledPermissions<? extends EntityModel> entity,
+ Collection<String> effectiveGroups) {
+ return entityMapper.selectEffectiveGroupIdentifiers(entity.getModel(), effectiveGroups);
+ }
+
+}
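Review bot: `retrieveEffectiveGroups` is public and, per its own Javadoc, returns group identifiers the current user may have no READ permission on, but the contract does not tell callers what they may do with the result. I would add a sentence such as `The returned identifiers are intended for permission evaluation only and must be filtered by READ permission before being exposed through any API.` The same applies to `ModeledPermissions.getEffectiveUserGroups()`, which returns this set unchanged. The method also dereferences `entity.getModel()` without a null check, so the `@param entity` text should state that it must be non-null.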
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java
new file mode 100644
index 0000000..2f7808d
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java
@@ -0,0 +1,266 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.base;
+
+import com.google.inject.Inject;
+import java.util.Collections;
+import java.util.Set;
+import org.apache.guacamole.auth.jdbc.permission.SystemPermissionService;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissionService;
+import org.apache.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
+import org.apache.guacamole.auth.jdbc.permission.ConnectionPermissionService;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService;
+import org.apache.guacamole.auth.jdbc.permission.UserPermissionService;
+import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
+import org.apache.guacamole.net.auth.Permissions;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
+import org.apache.guacamole.net.auth.simple.SimpleObjectPermissionSet;
+
+/**
+ * An implementation of the base Permissions interface which is common to both
+ * Users and UserGroups, backed by a database model.
+ *
+ * @param <ModelType>
+ * The type of model object that corresponds to this object.
+ */
+public abstract class ModeledPermissions<ModelType extends EntityModel>
+ extends ModeledDirectoryObject<ModelType> implements Permissions {
+
+ /**
+ * Service for retrieving entity details.
+ */
+ @Inject
+ private EntityService entityService;
+
+ /**
+ * Service for retrieving system permissions.
+ */
+ @Inject
+ private SystemPermissionService systemPermissionService;
+
+ /**
+ * Service for retrieving connection permissions.
+ */
+ @Inject
+ private ConnectionPermissionService connectionPermissionService;
+
+ /**
+ * Service for retrieving connection group permissions.
+ */
+ @Inject
+ private ConnectionGroupPermissionService connectionGroupPermissionService;
+
+ /**
+ * Service for retrieving sharing profile permissions.
+ */
+ @Inject
+ private SharingProfilePermissionService sharingProfilePermissionService;
+
+ /**
+ * Service for retrieving active connection permissions.
+ */
+ @Inject
+ private ActiveConnectionPermissionService activeConnectionPermissionService;
+
+ /**
+ * Service for retrieving user permissions.
+ */
+ @Inject
+ private UserPermissionService userPermissionService;
+
+ /**
+ * Returns whether the underlying entity is a user. Entities may be either
+ * users or user groups.
+ *
+ * @return
+ * true if the underlying entity is a user, false otherwise.
+ */
+ public boolean isUser() {
+ return getModel().getEntityType() == EntityType.USER;
+ }
+
+ /**
+ * Returns whether the underlying entity is a user group. Entities may be
+ * either users or user groups.
+ *
+ * @return
+ * true if the underlying entity is a user group, false otherwise.
+ */
+ public boolean isUserGroup() {
+ return getModel().getEntityType() == EntityType.USER_GROUP;
+ }
+
+ /**
+ * Returns whether this entity is a system administrator, and thus is not
+ * restricted by permissions, taking into account permission inheritance
+ * via user groups.
+ *
+ * @return
+ * true if this entity is a system administrator, false otherwise.
+ *
+ * @throws GuacamoleException
+ * If an error occurs while determining the entity's system administrator
+ * status.
+ */
+ public boolean isAdministrator() throws GuacamoleException {
+ SystemPermissionSet systemPermissionSet = getEffective().getSystemPermissions();
+ return systemPermissionSet.hasPermission(SystemPermission.Type.ADMINISTER);
+ }
+
+ @Override
+ public SystemPermissionSet getSystemPermissions()
+ throws GuacamoleException {
+ return systemPermissionService.getPermissionSet(getCurrentUser(), this,
+ Collections.<String>emptySet());
+ }
+
+ @Override
+ public ObjectPermissionSet getConnectionPermissions()
+ throws GuacamoleException {
+ return connectionPermissionService.getPermissionSet(getCurrentUser(),
+ this, Collections.<String>emptySet());
+ }
+
+ @Override
+ public ObjectPermissionSet getConnectionGroupPermissions()
+ throws GuacamoleException {
+ return connectionGroupPermissionService.getPermissionSet(
+ getCurrentUser(), this, Collections.<String>emptySet());
+ }
+
+ @Override
+ public ObjectPermissionSet getSharingProfilePermissions()
+ throws GuacamoleException {
+ return sharingProfilePermissionService.getPermissionSet(
+ getCurrentUser(), this, Collections.<String>emptySet());
+ }
+
+ @Override
+ public ObjectPermissionSet getActiveConnectionPermissions()
+ throws GuacamoleException {
+ return activeConnectionPermissionService.getPermissionSet(
+ getCurrentUser(), this, Collections.<String>emptySet());
+ }
+
+ @Override
+ public ObjectPermissionSet getUserPermissions()
+ throws GuacamoleException {
+ return userPermissionService.getPermissionSet(getCurrentUser(), this,
+ Collections.<String>emptySet());
+ }
+
+ @Override
+ public ObjectPermissionSet getUserGroupPermissions() throws GuacamoleException {
+ // FIXME: STUB
+ return new SimpleObjectPermissionSet();
+ }
+
+ /**
+ * Returns the identifiers of all user groups defined within the database
+ * which apply to this user, including any groups inherited through
+ * membership in yet more groups.
+ *
+ * @return
+ * The identifiers of all user groups defined within the database which
+ * apply to this user.
+ */
+ public Set<String> getEffectiveUserGroups() {
+ return entityService.retrieveEffectiveGroups(this,
+ Collections.<String>emptySet());
+ }
+
+ /**
+ * Returns a Permissions object which represents all permissions granted to
+ * this entity, including any permissions inherited through group
+ * membership.
+ *
+ * @return
+ * A Permissions object which represents all permissions granted to
+ * this entity.
+ */
+ public Permissions getEffective() {
+
+ final ModeledAuthenticatedUser authenticatedUser = getCurrentUser();
+ final Set<String> effectiveGroups;
+
+ // If this user is the currently-authenticated user, include any
+ // additional effective groups declared by the authentication system
+ if (authenticatedUser.getIdentifier().equals(getIdentifier()))
+ effectiveGroups = entityService.retrieveEffectiveGroups(this,
+ authenticatedUser.getEffectiveUserGroups());
+
+ // Otherwise, just include effective groups from the database
+ else
+ effectiveGroups = getEffectiveUserGroups();
+
+ // Return a permissions object which describes all effective
+ // permissions, including any permissions inherited via user groups
+ return new Permissions() {
+
+ @Override
+ public ObjectPermissionSet getActiveConnectionPermissions()
+ throws GuacamoleException {
+ return activeConnectionPermissionService.getPermissionSet(authenticatedUser, ModeledPermissions.this, effectiveGroups);
+ }
+
+ @Override
+ public ObjectPermissionSet getConnectionGroupPermissions()
+ throws GuacamoleException {
+ return connectionGroupPermissionService.getPermissionSet(authenticatedUser, ModeledPermissions.this, effectiveGroups);
+ }
+
+ @Override
+ public ObjectPermissionSet getConnectionPermissions()
+ throws GuacamoleException {
+ return connectionPermissionService.getPermissionSet(authenticatedUser, ModeledPermissions.this, effectiveGroups);
+ }
+
+ @Override
+ public ObjectPermissionSet getSharingProfilePermissions()
+ throws GuacamoleException {
+ return sharingProfilePermissionService.getPermissionSet(authenticatedUser, ModeledPermissions.this, effectiveGroups);
+ }
+
+ @Override
+ public SystemPermissionSet getSystemPermissions()
+ throws GuacamoleException {
+ return systemPermissionService.getPermissionSet(authenticatedUser, ModeledPermissions.this, effectiveGroups);
+ }
+
+ @Override
+ public ObjectPermissionSet getUserPermissions()
+ throws GuacamoleException {
+ return userPermissionService.getPermissionSet(authenticatedUser, ModeledPermissions.this, effectiveGroups);
+ }
+
+ @Override
+ public ObjectPermissionSet getUserGroupPermissions()
+ throws GuacamoleException {
+ // FIXME: STUB
+ return new SimpleObjectPermissionSet();
+ }
+
+ };
+ }
+
+}
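Review bot: In `getEffective()`, the test `authenticatedUser.getIdentifier().equals(getIdentifier())` decides whether the logged-in user's externally declared groups are merged in, but it never checks that this entity is a user. The class now also backs user groups, so a group whose identifier equals the current username would be evaluated with that user's external memberships; `canReadPermissions` in AbstractPermissionService gained an `isUser()` guard for the same comparison in this commit. Suggest `if (isUser() && authenticatedUser.getIdentifier().equals(getIdentifier()))`. Separately, both `getUserGroupPermissions()` implementations are `// FIXME: STUB` returning an empty set, which denies by default; a comment saying so would keep the stub from being mistaken for a finished check, and the Javadoc on `getEffectiveUserGroups()` should say "this entity" rather than "this user".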
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java
index 74f35fb..6e4ddfa 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java
@@ -20,8 +20,10 @@
package org.apache.guacamole.auth.jdbc.permission;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
+import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.net.auth.permission.Permission;
@@ -42,16 +44,50 @@ public abstract class AbstractPermissionService<PermissionSetType extends Permis
implements PermissionService<PermissionSetType, PermissionType> {
/**
+ * Returns the ObjectPermissionSet related to the type of the given entity.
+ * If the given entity represents a user, then the ObjectPermissionSet
+ * containing user permissions is returned. If the given entity represents
+ * a user group, then the ObjectPermissionSet containing user group
+ * permissions is returned.
+ *
+ * @param user
+ * The user to retrieve the ObjectPermissionSet from.
+ *
+ * @param targetEntity
+ * The entity whose type dictates the ObjectPermissionSet returned.
+ *
+ * @return
+ * The ObjectPermissionSet related to the type of the given entity.
+ *
+ * @throws GuacamoleException
+ * If the relevant ObjectPermissionSet cannot be retrieved.
+ */
+ protected ObjectPermissionSet getRelevantPermissionSet(ModeledUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity)
+ throws GuacamoleException {
+
+ if (targetEntity.isUser())
+ return user.getUserPermissions();
+
+ if (targetEntity.isUserGroup())
+ return user.getUserGroupPermissions();
+
+ // Entities should be only users or groups
+ throw new UnsupportedOperationException("Unexpected entity type.");
+
+ }
+
+ /**
* Determines whether the given user can read the permissions currently
- * granted to the given target user. If the reading user and the target
- * user are not the same, then explicit READ or SYSTEM_ADMINISTER access is
- * required. Permission inheritance via user groups is taken into account.
+ * granted to the given target entity. If the reading user and the target
+ * entity are not the same, then explicit READ or SYSTEM_ADMINISTER access
+ * is required. Permission inheritance via user groups is taken into account.
*
* @param user
* The user attempting to read permissions.
*
- * @param targetUser
- * The user whose permissions are being read.
+ * @param targetEntity
+ * The entity whose permissions are being read.
*
* @return
* true if permission is granted, false otherwise.
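Review bot: `getRelevantPermissionSet` reads `user.getUserPermissions()` and `user.getUserGroupPermissions()` directly, whereas the line it replaces in `canReadPermissions` (next hunk) went through `user.getUser().getEffectivePermissions().getUserPermissions()`. If ModeledUser now takes these getters from ModeledPermissions, they are evaluated with an empty effective-group set, so READ inherited through a user group would no longer count, contradicting the Javadoc sentence "Permission inheritance via user groups is taken into account". The result fails closed, but it is a behaviour change the commit message does not mention; consider resolving the set through the effective permissions, e.g. `return user.getEffective().getUserPermissions();` and likewise for the group branch. ModeledUser's side of this change is outside the visible hunks, so confirm which accessor it keeps.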
@@ -61,19 +97,20 @@ public abstract class AbstractPermissionService<PermissionSetType extends Permis
* permission is denied to read the current user's permissions.
*/
protected boolean canReadPermissions(ModeledAuthenticatedUser user,
- ModeledUser targetUser) throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity)
+ throws GuacamoleException {
// A user can always read their own permissions
- if (user.getUser().getIdentifier().equals(targetUser.getIdentifier()))
+ if (targetEntity.isUser() && user.getUser().getIdentifier().equals(targetEntity.getIdentifier()))
return true;
// A system adminstrator can do anything
if (user.getUser().isAdministrator())
return true;
- // Can read permissions on target user if explicit READ is granted
- ObjectPermissionSet userPermissionSet = user.getUser().getEffectivePermissions().getUserPermissions();
- return userPermissionSet.hasPermission(ObjectPermission.Type.READ, targetUser.getIdentifier());
+ // Can read permissions on target entity if explicit READ is granted
+ ObjectPermissionSet permissionSet = getRelevantPermissionSet(user.getUser(), targetEntity);
+ return permissionSet.hasPermission(ObjectPermission.Type.READ, targetEntity.getIdentifier());
}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
index afabbc7..d0f1f0b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
@@ -24,7 +24,8 @@ import com.google.inject.Provider;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -52,12 +53,12 @@ public class ConnectionGroupPermissionService extends ModeledObjectPermissionSer
@Override
public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
- // Create permission set for requested user
+ // Create permission set for requested entity
ObjectPermissionSet permissionSet = connectionGroupPermissionSetProvider.get();
- permissionSet.init(user, targetUser, effectiveGroups);
+ permissionSet.init(user, targetEntity, effectiveGroups);
return permissionSet;
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
index 0cc69df..1dc70ad 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
@@ -24,7 +24,8 @@ import com.google.inject.Provider;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -52,12 +53,12 @@ public class ConnectionPermissionService extends ModeledObjectPermissionService
@Override
public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
- // Create permission set for requested user
+ // Create permission set for requested entity
ObjectPermissionSet permissionSet = connectionPermissionSetProvider.get();
- permissionSet.init(user, targetUser, effectiveGroups);
+ permissionSet.init(user, targetEntity, effectiveGroups);
return permissionSet;
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
index f1105ed..d9bb6bc 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
@@ -24,9 +24,10 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -48,13 +49,14 @@ public abstract class ModeledObjectPermissionService
}
@Override
- protected ObjectPermissionModel getModelInstance(ModeledUser targetUser,
+ protected ObjectPermissionModel getModelInstance(
+ ModeledPermissions<? extends EntityModel> targetEntity,
ObjectPermission permission) {
ObjectPermissionModel model = new ObjectPermissionModel();
- // Populate model object with data from user and permission
- model.setEntityID(targetUser.getModel().getEntityID());
+ // Populate model object with data from entity and permission
+ model.setEntityID(targetEntity.getModel().getEntityID());
model.setType(permission.getType());
model.setObjectIdentifier(permission.getObjectIdentifier());
@@ -64,31 +66,32 @@ public abstract class ModeledObjectPermissionService
/**
* Determines whether the current user has permission to update the given
- * target user, adding or removing the given permissions. Such permission
+ * target entity, adding or removing the given permissions. Such permission
* depends on whether the current user is a system administrator, whether
- * they have explicit UPDATE permission on the target user, and whether
+ * they have explicit UPDATE permission on the target entity, and whether
* they have explicit ADMINISTER permission on all affected objects.
* Permission inheritance via user groups is taken into account.
*
* @param user
* The user who is changing permissions.
*
- * @param targetUser
- * The user whose permissions are being changed.
+ * @param targetEntity
+ * The entity whose permissions are being changed.
*
* @param permissions
* The permissions that are being added or removed from the target
- * user.
+ * entity.
*
* @return
- * true if the user has permission to change the target users
+ * true if the user has permission to change the target entity's
* permissions as specified, false otherwise.
*
* @throws GuacamoleException
* If an error occurs while checking permission status, or if
* permission is denied to read the current user's permissions.
*/
- protected boolean canAlterPermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
+ protected boolean canAlterPermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
Collection<ObjectPermission> permissions)
throws GuacamoleException {
@@ -96,9 +99,9 @@ public abstract class ModeledObjectPermissionService
if (user.getUser().isAdministrator())
return true;
- // Verify user has update permission on the target user
- ObjectPermissionSet userPermissionSet = user.getUser().getEffectivePermissions().getUserPermissions();
- if (!userPermissionSet.hasPermission(ObjectPermission.Type.UPDATE, targetUser.getIdentifier()))
+ // Verify user has update permission on the target entity
+ ObjectPermissionSet permissionSet = getRelevantPermissionSet(user.getUser(), targetEntity);
+ if (!permissionSet.hasPermission(ObjectPermission.Type.UPDATE, targetEntity.getIdentifier()))
return false;
// Produce collection of affected identifiers
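Review bot: The comment `// Verify user has update permission on the target entity` does not say why the set is now obtained through `getRelevantPermissionSet(user.getUser(), targetEntity)` instead of `getUserPermissions()`. That helper is not visible in this hunk. Presumably it selects the user or user-group permission set according to the entity's type, which would stop an UPDATE grant on a user from being honoured for a group with the same identifier. If so, the comment should say it, for example `// Check UPDATE against the permission set matching the entity's type; identifiers are only unique within a type`. It is also worth confirming that the helper rejects any entity type it does not recognise rather than returning a default set. `canAlterPermissions` begins and continues outside this hunk.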
@@ -122,13 +125,14 @@ public abstract class ModeledObjectPermissionService
}
@Override
- public void createPermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
+ public void createPermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
Collection<ObjectPermission> permissions)
throws GuacamoleException {
// Create permissions only if user has permission to do so
- if (canAlterPermissions(user, targetUser, permissions)) {
- Collection<ObjectPermissionModel> models = getModelInstances(targetUser, permissions);
+ if (canAlterPermissions(user, targetEntity, permissions)) {
+ Collection<ObjectPermissionModel> models = getModelInstances(targetEntity, permissions);
getPermissionMapper().insert(models);
return;
}
@@ -139,13 +143,14 @@ public abstract class ModeledObjectPermissionService
}
@Override
- public void deletePermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
+ public void deletePermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
Collection<ObjectPermission> permissions)
throws GuacamoleException {
// Delete permissions only if user has permission to do so
- if (canAlterPermissions(user, targetUser, permissions)) {
- Collection<ObjectPermissionModel> models = getModelInstances(targetUser, permissions);
+ if (canAlterPermissions(user, targetEntity, permissions)) {
+ Collection<ObjectPermissionModel> models = getModelInstances(targetEntity, permissions);
getPermissionMapper().delete(models);
return;
}
@@ -157,23 +162,24 @@ public abstract class ModeledObjectPermissionService
@Override
public boolean hasPermission(ModeledAuthenticatedUser user,
- ModeledUser targetUser, ObjectPermission.Type type,
- String identifier, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ ObjectPermission.Type type, String identifier,
+ Set<String> effectiveGroups) throws GuacamoleException {
// Retrieve permissions only if allowed
- if (canReadPermissions(user, targetUser))
- return getPermissionMapper().selectOne(targetUser.getModel(), type,
- identifier, effectiveGroups) != null;
+ if (canReadPermissions(user, targetEntity))
+ return getPermissionMapper().selectOne(targetEntity.getModel(),
+ type, identifier, effectiveGroups) != null;
- // User cannot read this user's permissions
+ // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");
}
@Override
public Collection<String> retrieveAccessibleIdentifiers(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Collection<ObjectPermission.Type> permissions,
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<ObjectPermission.Type> permissions,
Collection<String> identifiers, Set<String> effectiveGroups)
throws GuacamoleException {
@@ -182,7 +188,7 @@ public abstract class ModeledObjectPermissionService
return identifiers;
// Retrieve permissions only if allowed
- if (canReadPermissions(user, targetUser)) {
+ if (canReadPermissions(user, targetEntity)) {
// If user is an admin, everything is accessible
if (user.getUser().isAdministrator())
@@ -190,12 +196,12 @@ public abstract class ModeledObjectPermissionService
// Otherwise, return explicitly-retrievable identifiers
return getPermissionMapper().selectAccessibleIdentifiers(
- targetUser.getModel(), permissions, identifiers,
+ targetEntity.getModel(), permissions, identifiers,
effectiveGroups);
}
- // User cannot read this user's permissions
+ // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");
}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java
index dadaea6..a102f34 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java
@@ -24,9 +24,10 @@ import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.Permission;
import org.apache.guacamole.net.auth.permission.PermissionSet;
@@ -97,42 +98,44 @@ public abstract class ModeledPermissionService<PermissionSetType extends Permiss
/**
* Returns an instance of a model object which is based on the given
- * permission and target user.
+ * permission and target entity.
*
- * @param targetUser
- * The user to whom this permission is granted.
+ * @param targetEntity
+ * The entity to whom this permission is granted.
*
* @param permission
* The permission to use to produce the returned model object.
*
* @return
* A model object which is based on the given permission and target
- * user.
+ * entity.
*/
- protected abstract ModelType getModelInstance(ModeledUser targetUser,
+ protected abstract ModelType getModelInstance(
+ ModeledPermissions<? extends EntityModel> targetEntity,
PermissionType permission);
/**
* Returns a collection of model objects which are based on the given
- * permissions and target user.
+ * permissions and target entity.
*
- * @param targetUser
- * The user to whom this permission is granted.
+ * @param targetEntity
+ * The entity to whom this permission is granted.
*
* @param permissions
* The permissions to use to produce the returned model objects.
*
* @return
* A collection of model objects which are based on the given
- * permissions and target user.
+ * permissions and target entity.
*/
- protected Collection<ModelType> getModelInstances(ModeledUser targetUser,
+ protected Collection<ModelType> getModelInstances(
+ ModeledPermissions<? extends EntityModel> targetEntity,
Collection<PermissionType> permissions) {
// Create new collection of models by manually converting each permission
Collection<ModelType> models = new ArrayList<ModelType>(permissions.size());
for (PermissionType permission : permissions)
- models.add(getModelInstance(targetUser, permission));
+ models.add(getModelInstance(targetEntity, permission));
return models;
@@ -140,14 +143,14 @@ public abstract class ModeledPermissionService<PermissionSetType extends Permiss
@Override
public Set<PermissionType> retrievePermissions(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
// Retrieve permissions only if allowed
- if (canReadPermissions(user, targetUser))
- return getPermissionInstances(getPermissionMapper().select(targetUser.getModel(), effectiveGroups));
+ if (canReadPermissions(user, targetEntity))
+ return getPermissionInstances(getPermissionMapper().select(targetEntity.getModel(), effectiveGroups));
- // User cannot read this user's permissions
+ // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");
}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index 3f39881..a841c96 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -22,8 +22,9 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -37,13 +38,13 @@ public interface ObjectPermissionService
/**
* Returns whether the permission of the given type and associated with the
- * given object has been granted to the given user.
+ * given object has been granted to the given entity.
*
* @param user
* The user retrieving the permission.
*
- * @param targetUser
- * The user associated with the permission to be retrieved.
+ * @param targetEntity
+ * The entity associated with the permission to be retrieved.
*
* @param type
* The type of permission to retrieve.
@@ -53,30 +54,31 @@ public interface ObjectPermissionService
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
- * when determining the permissions effectively granted to the user. If
- * no groups are given, only permissions directly granted to the user
- * will be used.
+ * when determining the permissions effectively granted to the entity.
+ * If no groups are given, only permissions directly granted to the
+ * entity will be used.
*
* @return
* true if permission of the given type and associated with the given
- * object has been granted to the given user, false otherwise.
+ * object has been granted to the given entity, false otherwise.
*
* @throws GuacamoleException
* If an error occurs while retrieving the requested permission.
*/
boolean hasPermission(ModeledAuthenticatedUser user,
- ModeledUser targetUser, ObjectPermission.Type type,
- String identifier, Set<String> effectiveGroups) throws GuacamoleException;
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ ObjectPermission.Type type, String identifier,
+ Set<String> effectiveGroups) throws GuacamoleException;
/**
- * Retrieves the subset of the given identifiers for which the given user
+ * Retrieves the subset of the given identifiers for which the given entity
* has at least one of the given permissions.
*
* @param user
* The user checking the permissions.
*
- * @param targetUser
- * The user to check permissions of.
+ * @param targetEntity
+ * The entity to check permissions of.
*
* @param permissions
* The permissions to check. An identifier will be included in the
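Review bot: The `@throws GuacamoleException` text for `hasPermission` mentions only retrieval errors, but the implementation in ModeledObjectPermissionService throws `GuacamoleSecurityException("Permission denied.")` when the current user may not read the target entity's permissions. `getPermissionSet` in PermissionService already documents denial, so the reworded Javadoc here could match it: `If an error occurs while retrieving the requested permission, or if permission to read the given entity's permissions is denied.` The same gap applies to `retrieveAccessibleIdentifiers` in this interface and to `retrievePermissions` in PermissionService. This hunk starts and ends inside Javadoc blocks, so the surrounding declarations are only partly visible.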
@@ -89,9 +91,9 @@ public interface ObjectPermissionService
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
- * when determining the permissions effectively granted to the user. If
- * no groups are given, only permissions directly granted to the user
- * will be used.
+ * when determining the permissions effectively granted to the entity.
+ * If no groups are given, only permissions directly granted to the
+ * entity will be used.
*
* @return
* A collection containing the subset of identifiers for which at least
@@ -101,7 +103,8 @@ public interface ObjectPermissionService
* If an error occurs while retrieving permissions.
*/
Collection<String> retrieveAccessibleIdentifiers(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Collection<ObjectPermission.Type> permissions,
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<ObjectPermission.Type> permissions,
Collection<String> identifiers, Set<String> effectiveGroups)
throws GuacamoleException;
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
index c15b1af..d179c68 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
@@ -19,29 +19,34 @@
package org.apache.guacamole.auth.jdbc.permission;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.base.RestrictedObject;
import org.apache.guacamole.net.auth.permission.ObjectPermission;
/**
* A database implementation of ObjectPermissionSet which uses an injected
* service to query and manipulate the object-level permissions associated with
- * a particular user.
+ * a particular entity.
*/
public abstract class ObjectPermissionSet extends RestrictedObject
implements org.apache.guacamole.net.auth.permission.ObjectPermissionSet {
/**
- * The user associated with this permission set. Each of the permissions in
- * this permission set is granted to this user.
+ * The entity associated with this permission set. Each of the permissions
+ * in this permission set is granted to this entity.
*/
- private ModeledUser user;
+ private ModeledPermissions<? extends EntityModel> entity;
+ /**
+ * The identifiers of all groups that should be taken into account
+ * when determining the permissions effectively granted to the entity.
+ */
private Set<String> effectiveGroups;
/**
@@ -53,26 +58,27 @@ public abstract class ObjectPermissionSet extends RestrictedObject
}
/**
- * Initializes this permission set with the current user and the user
+ * Initializes this permission set with the current user and the entity
* to whom the permissions in this set are granted.
*
* @param currentUser
* The user who queried this permission set, and whose permissions
* dictate the access level of all operations performed on this set.
*
- * @param user
- * The user to whom the permissions in this set are granted.
+ * @param entity
+ * The entity to whom the permissions in this set are granted.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
- * when determining the permissions effectively granted to the user. If
- * no groups are given, only permissions directly granted to the user
- * will be used.
+ * when determining the permissions effectively granted to the entity.
+ * If no groups are given, only permissions directly granted to the
+ * entity will be used.
*/
- public void init(ModeledAuthenticatedUser currentUser, ModeledUser user,
+ public void init(ModeledAuthenticatedUser currentUser,
+ ModeledPermissions<? extends EntityModel> entity,
Set<String> effectiveGroups) {
super.init(currentUser);
- this.user = user;
+ this.entity = entity;
this.effectiveGroups = effectiveGroups;
}
@@ -88,13 +94,13 @@ public abstract class ObjectPermissionSet extends RestrictedObject
@Override
public Set<ObjectPermission> getPermissions() throws GuacamoleException {
- return getObjectPermissionService().retrievePermissions(getCurrentUser(), user, effectiveGroups);
+ return getObjectPermissionService().retrievePermissions(getCurrentUser(), entity, effectiveGroups);
}
@Override
public boolean hasPermission(ObjectPermission.Type permission,
String identifier) throws GuacamoleException {
- return getObjectPermissionService().hasPermission(getCurrentUser(), user, permission, identifier, effectiveGroups);
+ return getObjectPermissionService().hasPermission(getCurrentUser(), entity, permission, identifier, effectiveGroups);
}
@Override
@@ -112,19 +118,19 @@ public abstract class ObjectPermissionSet extends RestrictedObject
@Override
public Collection<String> getAccessibleObjects(Collection<ObjectPermission.Type> permissions,
Collection<String> identifiers) throws GuacamoleException {
- return getObjectPermissionService().retrieveAccessibleIdentifiers(getCurrentUser(), user, permissions, identifiers, effectiveGroups);
+ return getObjectPermissionService().retrieveAccessibleIdentifiers(getCurrentUser(), entity, permissions, identifiers, effectiveGroups);
}
@Override
public void addPermissions(Set<ObjectPermission> permissions)
throws GuacamoleException {
- getObjectPermissionService().createPermissions(getCurrentUser(), user, permissions);
+ getObjectPermissionService().createPermissions(getCurrentUser(), entity, permissions);
}
@Override
public void removePermissions(Set<ObjectPermission> permissions)
throws GuacamoleException {
- getObjectPermissionService().deletePermissions(getCurrentUser(), user, permissions);
+ getObjectPermissionService().deletePermissions(getCurrentUser(), entity, permissions);
}
}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java
index 3caa587..5d88887 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java
@@ -22,8 +22,9 @@ package org.apache.guacamole.auth.jdbc.permission;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.Permission;
import org.apache.guacamole.net.auth.permission.PermissionSet;
@@ -44,59 +45,60 @@ public interface PermissionService<PermissionSetType extends PermissionSet<Permi
/**
* Returns a permission set that can be used to retrieve and manipulate the
- * permissions of the given user.
+ * permissions of the given entity.
*
* @param user
* The user who will be retrieving or manipulating permissions through
* the returned permission set.
*
- * @param targetUser
- * The user to whom the permissions in the returned permission set are
+ * @param targetEntity
+ * The entity to whom the permissions in the returned permission set are
* granted.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
- * when determining the permissions effectively granted to the user. If
- * no groups are given, only permissions directly granted to the user
- * will be used.
+ * when determining the permissions effectively granted to the entity.
+ * If no groups are given, only permissions directly granted to the
+ * entity will be used.
*
* @return
* A permission set that contains all permissions associated with the
- * given user, and can be used to manipulate that user's permissions.
+ * given entity, and can be used to manipulate that entity's
+ * permissions.
*
* @throws GuacamoleException
* If an error occurs while retrieving the permissions of the given
- * user, or if permission to retrieve the permissions of the given
- * user is denied.
+ * entity, or if permission to retrieve the permissions of the given
+ * entity is denied.
*/
PermissionSetType getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException;
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException;
/**
- * Retrieves all permissions associated with the given user.
+ * Retrieves all permissions associated with the given entity.
*
* @param user
* The user retrieving the permissions.
*
- * @param targetUser
- * The user associated with the permissions to be retrieved.
+ * @param targetEntity
+ * The entity associated with the permissions to be retrieved.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
- * when determining the permissions effectively granted to the user. If
- * no groups are given, only permissions directly granted to the user
- * will be used.
+ * when determining the permissions effectively granted to the entity.
+ * If no groups are given, only permissions directly granted to the
+ * entity will be used.
*
* @return
- * The permissions associated with the given user.
+ * The permissions associated with the given entity.
*
* @throws GuacamoleException
* If an error occurs while retrieving the requested permissions.
*/
Set<PermissionType> retrievePermissions(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException;
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException;
/**
* Creates the given permissions within the database. If any permissions
@@ -105,8 +107,8 @@ public interface PermissionService<PermissionSetType extends PermissionSet<Permi
* @param user
* The user creating the permissions.
*
- * @param targetUser
- * The user associated with the permissions to be created.
+ * @param targetEntity
+ * The entity associated with the permissions to be created.
*
* @param permissions
* The permissions to create.
@@ -115,8 +117,10 @@ public interface PermissionService<PermissionSetType extends PermissionSet<Permi
* If the user lacks permission to create the permissions, or an error
* occurs while creating the permissions.
*/
- void createPermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
- Collection<PermissionType> permissions) throws GuacamoleException;
+ void createPermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<PermissionType> permissions)
+ throws GuacamoleException;
/**
* Deletes the given permissions. If any permissions do not exist, they
@@ -125,17 +129,19 @@ public interface PermissionService<PermissionSetType extends PermissionSet<Permi
* @param user
* The user deleting the permissions.
*
- * @param targetUser
- * The user associated with the permissions to be deleted.
+ * @param targetEntity
+ * The entity associated with the permissions to be deleted.
*
* @param permissions
* The permissions to delete.
*
* @throws GuacamoleException
- * If the user lacks permission to delete the permissions, or an error
+ * If the entity lacks permission to delete the permissions, or an error
* occurs while deleting the permissions.
*/
- void deletePermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
- Collection<PermissionType> permissions) throws GuacamoleException;
+ void deletePermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Collection<PermissionType> permissions)
+ throws GuacamoleException;
}
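Review bot: The `@throws` text of `deletePermissions` was changed to "If the entity lacks permission to delete the permissions", which names the wrong party. The permission check applies to `user`, the caller performing the deletion, not to `targetEntity`, whose permissions are being removed. The matching line on `createPermissions` still says "If the user lacks permission to create the permissions". The line should stay as `* If the user lacks permission to delete the permissions, or an error`, so that the acting user and the target entity are not confused in the documentation of an authorization check.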
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java
index 3018b29..c30ff73 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java
@@ -24,7 +24,8 @@ import com.google.inject.Provider;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -52,12 +53,12 @@ public class SharingProfilePermissionService extends ModeledObjectPermissionServ
@Override
public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
- // Create permission set for requested user
+ // Create permission set for requested entity
ObjectPermissionSet permissionSet = sharingProfilePermissionSetProvider.get();
- permissionSet.init(user, targetUser, effectiveGroups);
+ permissionSet.init(user, targetEntity, effectiveGroups);
return permissionSet;
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
index b534ad3..c94a260 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
@@ -24,10 +24,11 @@ import com.google.inject.Provider;
import java.util.Collection;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleUnsupportedException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.net.auth.permission.SystemPermission;
/**
@@ -61,13 +62,14 @@ public class SystemPermissionService
}
@Override
- protected SystemPermissionModel getModelInstance(final ModeledUser targetUser,
+ protected SystemPermissionModel getModelInstance(
+ final ModeledPermissions<? extends EntityModel> targetEntity,
final SystemPermission permission) {
SystemPermissionModel model = new SystemPermissionModel();
// Populate model object with data from user and permission
- model.setEntityID(targetUser.getModel().getEntityID());
+ model.setEntityID(targetEntity.getModel().getEntityID());
model.setType(permission.getType());
return model;
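Review bot: The comment `// Populate model object with data from user and permission` in getModelInstance still says "user", although the ID is now read from `targetEntity`, which per the commit title may be a user group. It should read `// Populate model object with data from entity and permission`. The same stale wording remains in `// Create permission set for requested user` in getPermissionSet (next hunk) and `// User cannot read this user's permissions` in hasPermission (last hunk of this file). The equivalent comment in SharingProfilePermissionService and UserPermissionService was updated to "entity" in this same commit. In authorization code, a comment naming the wrong subject invites a later reader to assume the check applies only to users.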
@@ -76,23 +78,25 @@ public class SystemPermissionService
@Override
public SystemPermissionSet getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups) throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
// Create permission set for requested user
SystemPermissionSet permissionSet = systemPermissionSetProvider.get();
- permissionSet.init(user, targetUser, effectiveGroups);
+ permissionSet.init(user, targetEntity, effectiveGroups);
return permissionSet;
}
@Override
- public void createPermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
+ public void createPermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
Collection<SystemPermission> permissions) throws GuacamoleException {
// Only an admin can create system permissions
if (user.getUser().isAdministrator()) {
- Collection<SystemPermissionModel> models = getModelInstances(targetUser, permissions);
+ Collection<SystemPermissionModel> models = getModelInstances(targetEntity, permissions);
systemPermissionMapper.insert(models);
return;
}
@@ -103,17 +107,18 @@ public class SystemPermissionService
}
@Override
- public void deletePermissions(ModeledAuthenticatedUser user, ModeledUser targetUser,
+ public void deletePermissions(ModeledAuthenticatedUser user,
+ ModeledPermissions<? extends EntityModel> targetEntity,
Collection<SystemPermission> permissions) throws GuacamoleException {
// Only an admin can delete system permissions
if (user.getUser().isAdministrator()) {
// Do not allow users to remove their own admin powers
- if (user.getUser().getIdentifier().equals(targetUser.getIdentifier()))
+ if (user.getUser().getIdentifier().equals(targetEntity.getIdentifier()))
throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed.");
- Collection<SystemPermissionModel> models = getModelInstances(targetUser, permissions);
+ Collection<SystemPermissionModel> models = getModelInstances(targetEntity, permissions);
systemPermissionMapper.delete(models);
return;
}
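Review bot: The self-removal guard in deletePermissions now compares `user.getUser().getIdentifier()` with `targetEntity.getIdentifier()`, but after this refactor `targetEntity` is not guaranteed to be a user, so a matching identifier no longer proves the target is the calling administrator. If users and user groups do not share one identifier namespace (not visible in this hunk), a group named like the admin's username would be wrongly rejected. Comparing entity IDs would tie the check to the actual entity, e.g. `if (user.getUser().getModel().getEntityID().equals(targetEntity.getModel().getEntityID()))`, assuming getUser() returns the ModeledUser and getEntityID() returns an object type. The guard also does not cover an administrator deleting the administrative permission from a group through which they inherit it, so a comment stating whether that is intended would help. The method body continues past the end of this hunk.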
@@ -125,14 +130,14 @@ public class SystemPermissionService
/**
* Retrieves whether the permission of the given type has been granted to
- * the given user. Permission inheritance through group membership is taken
- * into account.
+ * the given entity. Permission inheritance through group membership is
+ * taken into account.
*
* @param user
* The user retrieving the permission.
*
- * @param targetUser
- * The user associated with the permission to be retrieved.
+ * @param targetEntity
+ * The entity associated with the permission to be retrieved.
*
* @param type
* The type of permission to retrieve.
@@ -151,12 +156,13 @@ public class SystemPermissionService
* If an error occurs while retrieving the requested permission.
*/
public boolean hasPermission(ModeledAuthenticatedUser user,
- ModeledUser targetUser, SystemPermission.Type type,
- Set<String> effectiveGroups) throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ SystemPermission.Type type, Set<String> effectiveGroups)
+ throws GuacamoleException {
// Retrieve permissions only if allowed
- if (canReadPermissions(user, targetUser))
- return getPermissionMapper().selectOne(targetUser.getModel(), type, effectiveGroups) != null;
+ if (canReadPermissions(user, targetEntity))
+ return getPermissionMapper().selectOne(targetEntity.getModel(), type, effectiveGroups) != null;
// User cannot read this user's permissions
throw new GuacamoleSecurityException("Permission denied.");
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionSet.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionSet.java
index dd88879..1948fac 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionSet.java
@@ -19,29 +19,34 @@
package org.apache.guacamole.auth.jdbc.permission;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
import com.google.inject.Inject;
import java.util.Collections;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
import org.apache.guacamole.auth.jdbc.base.RestrictedObject;
import org.apache.guacamole.net.auth.permission.SystemPermission;
/**
* A database implementation of SystemPermissionSet which uses an injected
* service to query and manipulate the system permissions associated with a
- * particular user.
+ * particular entity.
*/
public class SystemPermissionSet extends RestrictedObject
implements org.apache.guacamole.net.auth.permission.SystemPermissionSet {
/**
- * The user associated with this permission set. Each of the permissions in
- * this permission set is granted to this user.
+ * The entity associated with this permission set. Each of the permissions
+ * in this permission set is granted to this entity.
*/
- private ModeledUser user;
+ private ModeledPermissions<? extends EntityModel> entity;
+ /**
+ * The identifiers of all groups that should be taken into account when
+ * determining the permissions effectively granted to the entity.
+ */
private Set<String> effectiveGroups;
/**
@@ -59,38 +64,39 @@ public class SystemPermissionSet extends RestrictedObject
}
/**
- * Initializes this permission set with the current user and the user
+ * Initializes this permission set with the current user and the entity
* to whom the permissions in this set are granted.
*
* @param currentUser
* The user who queried this permission set, and whose permissions
* dictate the access level of all operations performed on this set.
*
- * @param user
- * The user to whom the permissions in this set are granted.
+ * @param entity
+ * The entity to whom the permissions in this set are granted.
*
* @param effectiveGroups
* The identifiers of all groups that should be taken into account
- * when determining the permissions effectively granted to the user. If
- * no groups are given, only permissions directly granted to the user
- * will be used.
+ * when determining the permissions effectively granted to the entity.
+ * If no groups are given, only permissions directly granted to the
+ * entity will be used.
*/
- public void init(ModeledAuthenticatedUser currentUser, ModeledUser user,
+ public void init(ModeledAuthenticatedUser currentUser,
+ ModeledPermissions<? extends EntityModel> entity,
Set<String> effectiveGroups) {
super.init(currentUser);
- this.user = user;
+ this.entity = entity;
this.effectiveGroups = effectiveGroups;
}
@Override
public Set<SystemPermission> getPermissions() throws GuacamoleException {
- return systemPermissionService.retrievePermissions(getCurrentUser(), user, effectiveGroups);
+ return systemPermissionService.retrievePermissions(getCurrentUser(), entity, effectiveGroups);
}
@Override
public boolean hasPermission(SystemPermission.Type permission)
throws GuacamoleException {
- return systemPermissionService.hasPermission(getCurrentUser(), user, permission, effectiveGroups);
+ return systemPermissionService.hasPermission(getCurrentUser(), entity, permission, effectiveGroups);
}
@Override
@@ -108,13 +114,13 @@ public class SystemPermissionSet extends RestrictedObject
@Override
public void addPermissions(Set<SystemPermission> permissions)
throws GuacamoleException {
- systemPermissionService.createPermissions(getCurrentUser(), user, permissions);
+ systemPermissionService.createPermissions(getCurrentUser(), entity, permissions);
}
@Override
public void removePermissions(Set<SystemPermission> permissions)
throws GuacamoleException {
- systemPermissionService.deletePermissions(getCurrentUser(), user, permissions);
+ systemPermissionService.deletePermissions(getCurrentUser(), entity, permissions);
}
}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/69f58c8c/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java
index fabbf72..ed8689a 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java
@@ -24,7 +24,8 @@ import com.google.inject.Provider;
import java.util.Set;
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.auth.jdbc.user.ModeledUser;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.ModeledPermissions;
/**
* Service which provides convenience methods for creating, retrieving, and
@@ -52,12 +53,12 @@ public class UserPermissionService extends ModeledObjectPermissionService {
@Override
public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user,
- ModeledUser targetUser, Set<String> effectiveGroups)
- throws GuacamoleException {
+ ModeledPermissions<? extends EntityModel> targetEntity,
+ Set<String> effectiveGroups) throws GuacamoleException {
- // Create permission set for requested user
+ // Create permission set for requested entity
ObjectPermissionSet permissionSet = userPermissionSetProvider.get();
- permissionSet.init(user, targetUser, effectiveGroups);
+ permissionSet.init(user, targetEntity, effectiveGroups);
return permissionSet;