Repository: guacamole-client Updated Branches: refs/heads/staging/1.0.0 248e64531 -> d23f88f23
GUACAMOLE-220: Correct handling of permission-filtered directory search. The correct ObjectPermissionSet should be used to filter the identifiers used. Previous code was always using the ObjectPermissionSet specific to permissions affecting user objects, and thus was incorrect for all other types of objects (connections, connection groups, etc.). Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/2161260e Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/2161260e Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/2161260e Branch: refs/heads/staging/1.0.0 Commit: 2161260e34505d7f30ba22cdfde5f19c71de4626 Parents: 402ddb5 Author: Michael Jumper <mjum...@apache.org> Authored: Sat Sep 8 13:04:25 2018 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Sat Sep 8 13:09:59 2018 -0700 ---------------------------------------------------------------------- .../ActiveConnectionDirectoryResource.java | 9 ++++++++ .../connection/ConnectionDirectoryResource.java | 9 ++++++++ .../ConnectionGroupDirectoryResource.java | 8 +++++++ .../rest/directory/DirectoryResource.java | 22 +++++++++++++++++++- .../SharingProfileDirectoryResource.java | 9 ++++++++ .../rest/user/UserDirectoryResource.java | 9 ++++++++ .../usergroup/UserGroupDirectoryResource.java | 9 ++++++++ 7 files changed, 74 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java index 5665ccf..5296565 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java @@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.ActiveConnection; import org.apache.guacamole.net.auth.Directory; +import org.apache.guacamole.net.auth.Permissions; import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryResource; @@ -67,4 +70,10 @@ public class ActiveConnectionDirectoryResource super(userContext, directory, translator, resourceFactory); } + @Override + protected ObjectPermissionSet getObjectPermissions(Permissions permissions) + throws GuacamoleException { + return permissions.getActiveConnectionPermissions(); + } + } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java index ce35071..88408a7 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java @@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.Directory; +import org.apache.guacamole.net.auth.Permissions; import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryResource; @@ -66,4 +69,10 @@ public class ConnectionDirectoryResource super(userContext, directory, translator, resourceFactory); } + @Override + protected ObjectPermissionSet getObjectPermissions(Permissions permissions) + throws GuacamoleException { + return permissions.getConnectionPermissions(); + } + } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java index 06da559..2be3a88 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java @@ -27,7 +27,9 @@ import javax.ws.rs.core.MediaType; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.ConnectionGroup; import org.apache.guacamole.net.auth.Directory; +import org.apache.guacamole.net.auth.Permissions; import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.rest.directory.DirectoryObjectResource; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; @@ -102,4 +104,10 @@ public class ConnectionGroupDirectoryResource } + @Override + protected ObjectPermissionSet getObjectPermissions(Permissions permissions) + throws GuacamoleException { + return permissions.getConnectionGroupPermissions(); + } + } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java index 9973301..ce9cb83 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java @@ -120,6 +120,26 @@ public abstract class DirectoryResource<InternalType extends Identifiable, Exter } /** + * Returns the ObjectPermissionSet defined within the given Permissions + * that represents the permissions affecting objects available within this + * DirectoryResource. + * + * @param permissions + * The Permissions object from which the ObjectPermissionSet should be + * retrieved. + * + * @return + * The ObjectPermissionSet defined within the given Permissions object + * that represents the permissions affecting objects available within + * this DirectoryResource. + * + * @throws GuacamoleException + * If an error prevents retrieval of permissions. + */ + protected abstract ObjectPermissionSet getObjectPermissions( + Permissions permissions) throws GuacamoleException; + + /** * Returns a map of all objects available within this DirectoryResource, * filtering the returned map by the given permission, if specified. * @@ -149,7 +169,7 @@ public abstract class DirectoryResource<InternalType extends Identifiable, Exter // Filter objects, if requested Collection<String> identifiers = directory.getIdentifiers(); if (!isAdmin && permissions != null && !permissions.isEmpty()) { - ObjectPermissionSet objectPermissions = effective.getUserPermissions(); + ObjectPermissionSet objectPermissions = getObjectPermissions(effective); identifiers = objectPermissions.getAccessibleObjects(permissions, identifiers); } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java index cdd9f2a..ab24ef3 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java @@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.Directory; +import org.apache.guacamole.net.auth.Permissions; import org.apache.guacamole.net.auth.SharingProfile; import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryResource; @@ -67,4 +70,10 @@ public class SharingProfileDirectoryResource super(userContext, directory, translator, resourceFactory); } + @Override + protected ObjectPermissionSet getObjectPermissions(Permissions permissions) + throws GuacamoleException { + return permissions.getSharingProfilePermissions(); + } + } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java index 5aeb4e4..f93016f 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java @@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.Directory; +import org.apache.guacamole.net.auth.Permissions; import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryResource; @@ -65,4 +68,10 @@ public class UserDirectoryResource extends DirectoryResource<User, APIUser> { super(userContext, directory, translator, resourceFactory); } + @Override + protected ObjectPermissionSet getObjectPermissions(Permissions permissions) + throws GuacamoleException { + return permissions.getUserPermissions(); + } + } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java ---------------------------------------------------------------------- diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java index b89db6d..fc4d48b 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java @@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.net.auth.UserGroup; import org.apache.guacamole.net.auth.Directory; +import org.apache.guacamole.net.auth.Permissions; import org.apache.guacamole.net.auth.UserContext; +import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryResource; @@ -65,4 +68,10 @@ public class UserGroupDirectoryResource extends DirectoryResource<UserGroup, API super(userContext, directory, translator, resourceFactory); } + @Override + protected ObjectPermissionSet getObjectPermissions(Permissions permissions) + throws GuacamoleException { + return permissions.getUserGroupPermissions(); + } + }