Repository: guacamole-client
Updated Branches:
  refs/heads/master d32060629 -> d37100dc1


GUACAMOLE-220: Correct handling of permission-filtered directory search.

The correct ObjectPermissionSet should be used to filter the identifiers
used. Previous code was always using the ObjectPermissionSet specific to
permissions affecting user objects, and thus was incorrect for all other
types of objects (connections, connection groups, etc.).


Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/2161260e
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/2161260e
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/2161260e

Branch: refs/heads/master
Commit: 2161260e34505d7f30ba22cdfde5f19c71de4626
Parents: 402ddb5
Author: Michael Jumper <mjum...@apache.org>
Authored: Sat Sep 8 13:04:25 2018 -0700
Committer: Michael Jumper <mjum...@apache.org>
Committed: Sat Sep 8 13:09:59 2018 -0700

----------------------------------------------------------------------
 .../ActiveConnectionDirectoryResource.java      |  9 ++++++++
 .../connection/ConnectionDirectoryResource.java |  9 ++++++++
 .../ConnectionGroupDirectoryResource.java       |  8 +++++++
 .../rest/directory/DirectoryResource.java       | 22 +++++++++++++++++++-
 .../SharingProfileDirectoryResource.java        |  9 ++++++++
 .../rest/user/UserDirectoryResource.java        |  9 ++++++++
 .../usergroup/UserGroupDirectoryResource.java   |  9 ++++++++
 7 files changed, 74 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java
index 5665ccf..5296565 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.ActiveConnection;
 import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
 import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
 import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -67,4 +70,10 @@ public class ActiveConnectionDirectoryResource
         super(userContext, directory, translator, resourceFactory);
     }
 
+    @Override
+    protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
+            throws GuacamoleException {
+        return permissions.getActiveConnectionPermissions();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java
index ce35071..88408a7 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.Connection;
 import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
 import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
 import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -66,4 +69,10 @@ public class ConnectionDirectoryResource
         super(userContext, directory, translator, resourceFactory);
     }
 
+    @Override
+    protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
+            throws GuacamoleException {
+        return permissions.getConnectionPermissions();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java
index 06da559..2be3a88 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java
@@ -27,7 +27,9 @@ import javax.ws.rs.core.MediaType;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.ConnectionGroup;
 import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.rest.directory.DirectoryObjectResource;
 import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
 import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
@@ -102,4 +104,10 @@ public class ConnectionGroupDirectoryResource
 
     }
 
+    @Override
+    protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
+            throws GuacamoleException {
+        return permissions.getConnectionGroupPermissions();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java
index 9973301..ce9cb83 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java
@@ -120,6 +120,26 @@ public abstract class DirectoryResource<InternalType 
extends Identifiable, Exter
     }
 
     /**
+     * Returns the ObjectPermissionSet defined within the given Permissions
+     * that represents the permissions affecting objects available within this
+     * DirectoryResource.
+     *
+     * @param permissions
+     *     The Permissions object from which the ObjectPermissionSet should be
+     *     retrieved.
+     *
+     * @return
+     *     The ObjectPermissionSet defined within the given Permissions object
+     *     that represents the permissions affecting objects available within
+     *     this DirectoryResource.
+     *
+     * @throws GuacamoleException
+     *     If an error prevents retrieval of permissions.
+     */
+    protected abstract ObjectPermissionSet getObjectPermissions(
+            Permissions permissions) throws GuacamoleException;
+
+    /**
      * Returns a map of all objects available within this DirectoryResource,
      * filtering the returned map by the given permission, if specified.
      *
@@ -149,7 +169,7 @@ public abstract class DirectoryResource<InternalType 
extends Identifiable, Exter
         // Filter objects, if requested
         Collection<String> identifiers = directory.getIdentifiers();
         if (!isAdmin && permissions != null && !permissions.isEmpty()) {
-            ObjectPermissionSet objectPermissions = 
effective.getUserPermissions();
+            ObjectPermissionSet objectPermissions = 
getObjectPermissions(effective);
             identifiers = objectPermissions.getAccessibleObjects(permissions, 
identifiers);
         }
 

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java
index cdd9f2a..ab24ef3 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.SharingProfile;
 import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
 import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
 import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -67,4 +70,10 @@ public class SharingProfileDirectoryResource
         super(userContext, directory, translator, resourceFactory);
     }
 
+    @Override
+    protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
+            throws GuacamoleException {
+        return permissions.getSharingProfilePermissions();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
index 5aeb4e4..f93016f 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
 import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
 import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -65,4 +68,10 @@ public class UserDirectoryResource extends 
DirectoryResource<User, APIUser> {
         super(userContext, directory, translator, resourceFactory);
     }
 
+    @Override
+    protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
+            throws GuacamoleException {
+        return permissions.getUserPermissions();
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2161260e/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java
----------------------------------------------------------------------
diff --git 
a/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java
 
b/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java
index b89db6d..fc4d48b 100644
--- 
a/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java
+++ 
b/guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.UserGroup;
 import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
 import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
 import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -65,4 +68,10 @@ public class UserGroupDirectoryResource extends 
DirectoryResource<UserGroup, API
         super(userContext, directory, translator, resourceFactory);
     }
 
+    @Override
+    protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
+            throws GuacamoleException {
+        return permissions.getUserGroupPermissions();
+    }
+
 }

Reply via email to