GUACAMOLE-220: Map and allow manipulation of the user members of user groups.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/ccd7920b Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/ccd7920b Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/ccd7920b Branch: refs/heads/master Commit: ccd7920b2238de6d634336c3c6e2a8b13fa7d2f8 Parents: 8f06b7a Author: Michael Jumper <mjum...@apache.org> Authored: Tue Apr 10 13:16:34 2018 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Wed Sep 19 23:56:52 2018 -0700 ---------------------------------------------------------------------- .../jdbc/JDBCAuthenticationProviderModule.java | 2 + .../auth/jdbc/usergroup/ModeledUserGroup.java | 10 ++- .../usergroup/UserGroupMemberUserMapper.java | 28 ++++++ .../jdbc/usergroup/UserGroupMemberUserSet.java | 57 ++++++++++++ .../usergroup/UserGroupMemberUserMapper.xml | 93 ++++++++++++++++++++ 5 files changed, 187 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ccd7920b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index b97e7e4..0750b10 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -85,6 +85,7 @@ import org.apache.guacamole.auth.jdbc.user.UserRecordMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.ModeledUserGroup;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupDirectory;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper;
+import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupService;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
@@ -136,6 +137,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
 addMapperClass(SharingProfileParameterMapper.class);
 addMapperClass(SharingProfilePermissionMapper.class);
 addMapperClass(UserGroupMapper.class);
+ addMapperClass(UserGroupMemberUserMapper.class);
 addMapperClass(UserGroupPermissionMapper.class);
 addMapperClass(UserMapper.class);
 addMapperClass(UserPermissionMapper.class);
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ccd7920b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
index 470bfab..3612eea 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
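Review bot: In the second hunk of JDBCAuthenticationProviderModule.java, `addMapperClass(UserGroupMemberUserMapper.class)` is registered in the shared `guacamole-auth-jdbc-base` module, but the diffstat lists only one `UserGroupMemberUserMapper.xml`, under `guacamole-auth-jdbc-postgresql`. If any other database module is built on this base module (not visible here), it would register the interface with no bound statements, and the failure would presumably surface only when group membership is first read or changed. Either ship the matching mapper XML for each such module in the same change, or add a comment above the registration such as `// Requires a UserGroupMemberUserMapper.xml in every database-specific module` so the gap is visible.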
@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.jdbc.usergroup;
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
@@ -74,10 +75,11 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
 )));
 /**
- * Service for managing user groups.
+ * Provider for RelatedObjectSets containing the users that are members of
+ * this user group.
 */
 @Inject
- private UserGroupService userGroupService;
+ private Provider<UserGroupMemberUserSet> memberUserSetProvider;
 /**
 * Whether attributes which control access restrictions should be exposed
@@ -180,7 +182,9 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
 @Override
 public RelatedObjectSet getMemberUsers() throws GuacamoleException {
- return new SimpleRelatedObjectSet();
+ UserGroupMemberUserSet memberUserSet = memberUserSetProvider.get();
+ memberUserSet.init(getCurrentUser(), this);
+ return memberUserSet;
 }
 @Override
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ccd7920b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.java ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.java
new file mode 100644
index 0000000..b668d07
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.java
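Review bot: The new body of `getMemberUsers()` in the third hunk of ModeledUserGroup.java depends on `init(getCurrentUser(), this)` running before the set is returned, and nothing in the code says why. `UserGroupMemberUserSet`, added later in this commit, takes both of its effective permission sets from `getCurrentUser()`, so this call is what ties membership reads and changes to the requesting user. I would add a comment above the call, for example `// Bind the set to the requesting user; its permission sets are derived from this user`, so a later refactor does not return the set uninitialised.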
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.usergroup;
+
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+
+/**
+ * Mapper for the one-to-many relationship between a user group and its user
+ * members.
+ */
+public interface UserGroupMemberUserMapper extends ObjectRelationMapper<UserGroupModel> {}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ccd7920b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java
new file mode 100644
index 0000000..989df55
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.usergroup;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * RelatedObjectSet implementation which represents the one-to-many
+ * relationship between a particular user group and its user members.
+ */
+public class UserGroupMemberUserSet extends RelatedObjectSet<ModeledUserGroup, UserGroupModel> {
+
+ /**
+ * Mapper for the relation between user groups and their user members.
+ */
+ @Inject
+ private UserGroupMemberUserMapper userGroupMemberUserMapper;
+
+ @Override
+ protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {
+ return userGroupMemberUserMapper;
+ }
+
+ @Override
+ protected ObjectPermissionSet
+ getParentObjectEffectivePermissionSet() throws GuacamoleException {
+ return getCurrentUser().getUser().getEffectivePermissions().getUserGroupPermissions();
+ }
+
+ @Override
+ protected ObjectPermissionSet getChildObjectEffectivePermissionSet()
+ throws GuacamoleException {
+ return getCurrentUser().getUser().getEffectivePermissions().getUserPermissions();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ccd7920b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml ----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml
new file mode 100644
index 0000000..562b1ad
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.xml
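Review bot: The overrides `getParentObjectEffectivePermissionSet()` and `getChildObjectEffectivePermissionSet()` in UserGroupMemberUserSet.java carry no Javadoc, yet they are the only place in this commit that selects whose permissions gate a membership change. They return the current user's effective user-group permissions for the parent and effective user permissions for the child, but which permission type is then required on each side is decided in `RelatedObjectSet`, outside this diff. Since adding a user to a group presumably extends that user's effective permissions, I would document on each override what it returns and which permission the base class is expected to demand, and confirm that changing membership needs more than READ on the group. Both methods also dereference `getCurrentUser()` and so assume `init(...)` has already run; a note such as `// Valid only after init(); the current user is unset before that` would make the precondition explicit.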
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+ "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserMapper" >
+
+ <!-- Select the username of all member users -->
+ <select id="selectChildIdentifiers" resultType="string">
+ SELECT name
+ FROM guacamole_user_group_member
+ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group_member.member_entity_id
+ WHERE
+ guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
+ AND guacamole_entity.type = 'USER'::guacamole_entity_type
+ </select>
+
+ <!-- Select the usernames of all readable member users -->
+ <select id="selectReadableChildIdentifiers" resultType="string">
+ SELECT guacamole_entity.name
+ FROM guacamole_user_group_member
+ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group_member.member_entity_id
+ JOIN guacamole_user ON guacamole_user.entity_id = guacamole_entity.entity_id
+ JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
+ WHERE
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
+ <property name="column" value="guacamole_user_permission.entity_id"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ <property name="groups" value="effectiveGroups"/>
+ </include>
+ AND guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
+ AND guacamole_entity.type = 'USER'::guacamole_entity_type
+ AND permission = 'READ'
+ </select>
+
+ <!-- Delete member users by name -->
+ <delete id="delete">
+ DELETE FROM guacamole_user_group_member
+ USING guacamole_entity
+ WHERE
+ user_group_id = #{parent.objectID,jdbcType=INTEGER}
+ AND guacamole_entity.entity_id = member_entity_id
+ AND guacamole_entity.type = 'USER'::guacamole_entity_type
+ AND guacamole_entity.name IN
+ <foreach collection="children" item="identifier"
+ open="(" separator="," close=")">
+ #{identifier,jdbcType=VARCHAR}
+ </foreach>
+ </delete>
+
+ <!-- Insert member users by name -->
+ <insert id="insert">
+ INSERT INTO guacamole_user_group_member (
+ user_group_id,
+ member_entity_id
+ )
+ SELECT DISTINCT
+ #{parent.objectID,jdbcType=INTEGER},
+ guacamole_entity.entity_id
+ FROM guacamole_entity
+ WHERE
+ guacamole_entity.name IN
+ <foreach collection="children" item="identifier"
+ open="(" separator="," close=")">
+ #{identifier}
+ </foreach>
+ AND guacamole_entity.type = 'USER'::guacamole_entity_type
+ AND guacamole_entity.entity_id NOT IN (
+ SELECT guacamole_user_group_member.member_entity_id
+ FROM guacamole_user_group_member
+ WHERE guacamole_user_group_member.user_group_id = #{parent.objectID,jdbcType=INTEGER}
+ )
+ </insert>
+
+</mapper>
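Review bot: Both `<foreach collection="children" ...>` blocks in UserGroupMemberUserMapper.xml, in `delete` and in `insert`, would leave the `IN` clause without a usable value list when `children` is empty, which is not valid SQL; whether the caller ever passes an empty set is not visible in this diff. A comment on each statement such as `<!-- children must be non-empty; callers skip the statement otherwise -->`, or a guard in the calling code, would make that contract explicit. Separately, `insert` binds `#{identifier}` without a JDBC type while `delete` uses `#{identifier,jdbcType=VARCHAR}`; I would make the insert match with `#{identifier,jdbcType=VARCHAR}`. `selectReadableChildIdentifiers` also has no `DISTINCT`, so a member readable through more than one permission row may be returned more than once, unless the result is already collected into a set.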