GUACAMOLE-360: Add convenience function for testing user identity.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/ea142d15 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/ea142d15 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/ea142d15 Branch: refs/heads/master Commit: ea142d15ce83d18c04d931046204d265278e6bf5 Parents: ad937de Author: Michael Jumper <mjum...@apache.org> Authored: Mon Oct 1 11:45:25 2018 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Mon Oct 1 11:46:34 2018 -0700 ---------------------------------------------------------------------- .../ActiveConnectionPermissionService.java | 2 +- .../guacamole/auth/jdbc/base/ModeledPermissions.java | 15 +++++++++++++++ .../jdbc/permission/AbstractPermissionService.java | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ea142d15/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java index cb29c5a..1e52571 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java @@ -97,7 +97,7 @@ public class ActiveConnectionPermissionService permissions.add(new ObjectPermission(ObjectPermission.Type.READ, identifier)); // If we're an admin, or the connection is ours, then we can DELETE - if (isAdmin || (targetEntity.isUser() && targetEntity.getIdentifier().equals(record.getUsername()))) + if (isAdmin || targetEntity.isUser(record.getUsername())) permissions.add(new ObjectPermission(ObjectPermission.Type.DELETE, identifier)); } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ea142d15/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java index cda6f6a..965062c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java @@ -106,6 +106,21 @@ public abstract class ModeledPermissions<ModelType extends EntityModel> } /** + * Returns whether the underlying entity represents a specific user having + * the given username. + * + * @param username + * The username of a user. + * + * @return + * true if the underlying entity is a user that has the given username, + * false otherwise. + */ + public boolean isUser(String username) { + return isUser() && getIdentifier().equals(username); + } + + /** * Returns whether the underlying entity is a user group. Entities may be * either users or user groups. * http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ea142d15/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java index 6e4ddfa..eea570f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java @@ -101,7 +101,7 @@ public abstract class AbstractPermissionService<PermissionSetType extends Permis throws GuacamoleException { // A user can always read their own permissions - if (targetEntity.isUser() && user.getUser().getIdentifier().equals(targetEntity.getIdentifier())) + if (targetEntity.isUser(user.getUser().getIdentifier())) return true; // A system adminstrator can do anything
