Repository: guacamole-client Updated Branches: refs/heads/master 658ce7884 -> 220d9b299
GUACAMOLE-360: Update active connection permission check to support user groups. Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/ad937def Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/ad937def Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/ad937def Branch: refs/heads/master Commit: ad937defa6f185444e7bf4cc2564a588d0a5fe6a Parents: 658ce78 Author: Michael Jumper <mjum...@apache.org> Authored: Mon Oct 1 11:35:32 2018 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Mon Oct 1 11:35:32 2018 -0700 ---------------------------------------------------------------------- .../jdbc/activeconnection/ActiveConnectionPermissionService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/ad937def/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java index 123a320..cb29c5a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java @@ -97,7 +97,7 @@ public class ActiveConnectionPermissionService permissions.add(new ObjectPermission(ObjectPermission.Type.READ, identifier)); // If we're an admin, or the connection is ours, then we can DELETE - if (isAdmin || targetUser.getIdentifier().equals(record.getUsername())) + if (isAdmin || (targetEntity.isUser() && targetEntity.getIdentifier().equals(record.getUsername()))) permissions.add(new ObjectPermission(ObjectPermission.Type.DELETE, identifier)); }