This is an automated email from the ASF dual-hosted git repository.
vnick pushed a commit to branch staging/1.1.0
in repository https://gitbox.apache.org/repos/asf/guacamole-client.git
The following commit(s) were added to refs/heads/staging/1.1.0 by this push:
new 61b6664 GUACAMOLE-715: Include all provided effective user groups
that exist within the database in results of effective groups query, regardless
of whether the user is declared as a member of those groups within the database.
new 2140bed GUACAMOLE-715: Merge correct non-recursive MySQL/MariaDB
effective group membership query
61b6664 is described below
commit 61b6664eac514eb30925c1ab3d8e82a873478710
Author: Michael Jumper <[email protected]>
AuthorDate: Sun Apr 21 12:01:31 2019 -0700
GUACAMOLE-715: Include all provided effective user groups that exist within
the database in results of effective groups query, regardless of whether the
user is declared as a member of those groups within the database.
While this query is generally functioning as described above for all
supported databases, it is not functioning properly for the
non-recursive variant of the MySQL/MariaDB query. This change corrects
that behavior.
---
.../guacamole/auth/jdbc/base/EntityMapper.xml | 46 ++++++++++++----------
1 file changed, 25 insertions(+), 21 deletions(-)
diff --git
a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
index 21efb99..a292511 100644
---
a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
+++
b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
@@ -73,27 +73,31 @@
JOIN guacamole_user_group_member ON
guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
WHERE
guacamole_user_group.disabled = false
- AND (
- guacamole_user_group_member.member_entity_id =
#{entity.entityID}
- <if test="!effectiveGroups.isEmpty()">
- OR guacamole_user_group_member.member_entity_id IN (
- SELECT entity_id FROM guacamole_entity
- WHERE type = 'USER_GROUP' AND name IN
- <foreach collection="effectiveGroups"
item="effectiveGroup"
- open="(" separator="," close=")">
- #{effectiveGroup,jdbcType=VARCHAR}
- </foreach>
- )
- OR guacamole_user_group.entity_id IN (
- SELECT entity_id FROM guacamole_entity
- WHERE type = 'USER_GROUP' AND name IN
- <foreach collection="effectiveGroups"
item="effectiveGroup"
- open="(" separator="," close=")">
- #{effectiveGroup,jdbcType=VARCHAR}
- </foreach>
- )
- </if>
- )
+ AND guacamole_user_group_member.member_entity_id =
#{entity.entityID}
+ <if test="!effectiveGroups.isEmpty()">
+ UNION SELECT
+ guacamole_entity.name
+ FROM guacamole_user_group
+ JOIN guacamole_entity ON guacamole_user_group.entity_id =
guacamole_entity.entity_id
+ JOIN guacamole_user_group_member ON
guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
+ JOIN guacamole_entity member_entity ON
guacamole_user_group_member.member_entity_id = member_entity.entity_id
+ WHERE
+ guacamole_user_group.disabled = false
+ AND member_entity.type = 'USER_GROUP' AND
member_entity.name IN
+ <foreach collection="effectiveGroups"
item="effectiveGroup"
+ open="(" separator="," close=")">
+ #{effectiveGroup,jdbcType=VARCHAR}
+ </foreach>
+ UNION SELECT
+ guacamole_entity.name
+ FROM guacamole_user_group
+ JOIN guacamole_entity ON guacamole_user_group.entity_id =
guacamole_entity.entity_id
+ WHERE type = 'USER_GROUP' AND name IN
+ <foreach collection="effectiveGroups" item="effectiveGroup"
+ open="(" separator="," close=")">
+ #{effectiveGroup,jdbcType=VARCHAR}
+ </foreach>
+ </if>
</if>
<if test="recursive">
