Repository: incubator-guacamole-client Updated Branches: refs/heads/master 39a25db59 -> 83c744d27
GUACAMOLE-81: Enforce parent/child permissions between SharingProfile and Connection. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/f32dbac4 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/f32dbac4 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/f32dbac4 Branch: refs/heads/master Commit: f32dbac4586572eb381b84c2b5b9f21227dbafa4 Parents: 26d9dd8 Author: Michael Jumper <[email protected]> Authored: Sat Aug 20 18:23:34 2016 -0700 Committer: Michael Jumper <[email protected]> Committed: Sat Aug 20 19:13:01 2016 -0700 ---------------------------------------------------------------------- .../sharingprofile/ModeledSharingProfile.java | 8 ++--- .../sharingprofile/SharingProfileMapper.java | 4 +-- .../sharingprofile/SharingProfileModel.java | 34 ++------------------ .../sharingprofile/SharingProfileService.java | 17 +++++++--- .../sharingprofile/SharingProfileMapper.xml | 12 +++---- .../sharingprofile/SharingProfileMapper.xml | 12 +++---- 6 files changed, 33 insertions(+), 54 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f32dbac4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java index 318efed..a300c23 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java @@ -23,7 +23,7 @@ import com.google.inject.Inject; import java.util.Collection; import java.util.Collections; import java.util.Map; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObject; +import org.apache.guacamole.auth.jdbc.base.ModeledChildDirectoryObject; import org.apache.guacamole.form.Form; import org.apache.guacamole.net.auth.SharingProfile; @@ -34,7 +34,7 @@ import org.apache.guacamole.net.auth.SharingProfile; * @author Michael Jumper */ public class ModeledSharingProfile - extends ModeledDirectoryObject<SharingProfileModel> + extends ModeledChildDirectoryObject<SharingProfileModel> implements SharingProfile { /** @@ -72,12 +72,12 @@ public class ModeledSharingProfile @Override public String getPrimaryConnectionIdentifier() { - return getModel().getPrimaryConnectionIdentifier(); + return getModel().getParentIdentifier(); } @Override public void setPrimaryConnectionIdentifier(String identifier) { - getModel().setPrimaryConnectionIdentifier(identifier); + getModel().setParentIdentifier(identifier); } @Override http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f32dbac4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java index 7cd962e..f290480 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java @@ -35,7 +35,7 @@ public interface SharingProfileMapper * and having the given name. If no such sharing profile exists, null is * returned. * - * @param primaryConnectionIdentifier + * @param parentIdentifier * The identifier of the primary connection to search against. * * @param name @@ -46,7 +46,7 @@ public interface SharingProfileMapper * given primary connection, or null if no such sharing profile exists. */ SharingProfileModel selectOneByName( - @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier, + @Param("parentIdentifier") String parentIdentifier, @Param("name") String name); } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f32dbac4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java index 939884b..bf286de 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java @@ -19,7 +19,7 @@ package org.apache.guacamole.auth.jdbc.sharingprofile; -import org.apache.guacamole.auth.jdbc.base.ObjectModel; +import org.apache.guacamole.auth.jdbc.base.ChildObjectModel; /** * Object representation of a Guacamole sharing profile, as represented in the @@ -27,7 +27,7 @@ import org.apache.guacamole.auth.jdbc.base.ObjectModel; * * @author Michael Jumper */ -public class SharingProfileModel extends ObjectModel { +public class SharingProfileModel extends ChildObjectModel { /** * The human-readable name associated with this sharing profile. @@ -35,12 +35,6 @@ public class SharingProfileModel extends ObjectModel { private String name; /** - * The identifier of the primary connection associated with this - * sharing profile. - */ - private String primaryConnectionIdentifier; - - /** * Creates a new, empty sharing profile. */ public SharingProfileModel() { @@ -66,30 +60,6 @@ public class SharingProfileModel extends ObjectModel { this.name = name; } - /** - * Returns the identifier of the primary connection associated with this - * sharing profile. - * - * @return - * The identifier of the primary connection associated with this - * sharing profile. - */ - public String getPrimaryConnectionIdentifier() { - return primaryConnectionIdentifier; - } - - /** - * Sets the identifier of the primary connection associated with this - * sharing profile. - * - * @param primaryConnectionIdentifier - * The identifier of the primary connection associated with this - * sharing profile. - */ - public void setPrimaryConnectionIdentifier(String primaryConnectionIdentifier) { - this.primaryConnectionIdentifier = primaryConnectionIdentifier; - } - @Override public String getIdentifier() { http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f32dbac4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java index 907a3a9..bf07a13 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java @@ -29,7 +29,7 @@ import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleException; -import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; +import org.apache.guacamole.auth.jdbc.base.ModeledChildDirectoryObjectService; import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.net.auth.SharingProfile; @@ -45,7 +45,7 @@ import org.apache.guacamole.net.auth.permission.SystemPermissionSet; * @author Michael Jumper */ public class SharingProfileService - extends ModeledDirectoryObjectService<ModeledSharingProfile, + extends ModeledChildDirectoryObjectService<ModeledSharingProfile, SharingProfile, SharingProfileModel> { /** @@ -129,6 +129,15 @@ public class SharingProfileService } @Override + protected ObjectPermissionSet getParentPermissionSet(ModeledAuthenticatedUser user) + throws GuacamoleException { + + // Sharing profiles are children of connections + return user.getUser().getConnectionPermissions(); + + } + + @Override protected void beforeCreate(ModeledAuthenticatedUser user, SharingProfileModel model) throws GuacamoleException { @@ -139,7 +148,7 @@ public class SharingProfileService throw new GuacamoleClientException("Sharing profile names must not be blank."); // Do not attempt to create duplicate sharing profiles - SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName()); + SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getParentIdentifier(), model.getName()); if (existing != null) throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists."); @@ -156,7 +165,7 @@ public class SharingProfileService throw new GuacamoleClientException("Sharing profile names must not be blank."); // Check whether such a sharing profile is already present - SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName()); + SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getParentIdentifier(), model.getName()); if (existing != null) { // If the specified name matches a DIFFERENT existing sharing profile, the update cannot continue http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f32dbac4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index 7614574..49bb337 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -25,9 +25,9 @@ <!-- Result mapper for sharing profile objects --> <resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> - <id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/> - <result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/> - <result column="primary_connection_id" property="primaryConnectionIdentifier" jdbcType="INTEGER"/> + <id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/> + <result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/> + <result column="primary_connection_id" property="parentIdentifier" jdbcType="INTEGER"/> </resultMap> <!-- Select all sharing profile identifiers --> @@ -89,7 +89,7 @@ primary_connection_id FROM guacamole_sharing_profile WHERE - primary_connection_id = #{primaryConnectionIdentifier,jdbcType=VARCHAR} + primary_connection_id = #{parentIdentifier,jdbcType=VARCHAR} AND sharing_profile_name = #{name,jdbcType=VARCHAR} </select> @@ -110,7 +110,7 @@ ) VALUES ( #{object.name,jdbcType=VARCHAR}, - #{object.primaryConnectionIdentifier,jdbcType=VARCHAR} + #{object.parentIdentifier,jdbcType=VARCHAR} ) </insert> @@ -119,7 +119,7 @@ <update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> UPDATE guacamole_sharing_profile SET sharing_profile_name = #{object.name,jdbcType=VARCHAR}, - primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=VARCHAR} + primary_connection_id = #{object.parentIdentifier,jdbcType=VARCHAR} WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER} </update> http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/f32dbac4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index 36a3beb..0af4937 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -25,9 +25,9 @@ <!-- Result mapper for sharing profile objects --> <resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> - <id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/> - <result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/> - <result column="primary_connection_id" property="primaryConnectionIdentifier" jdbcType="INTEGER"/> + <id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/> + <result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/> + <result column="primary_connection_id" property="parentIdentifier" jdbcType="INTEGER"/> </resultMap> <!-- Select all sharing profile identifiers --> @@ -89,7 +89,7 @@ primary_connection_id FROM guacamole_sharing_profile WHERE - primary_connection_id = #{primaryConnectionIdentifier,jdbcType=INTEGER}::integer + primary_connection_id = #{parentIdentifier,jdbcType=INTEGER}::integer AND sharing_profile_name = #{name,jdbcType=VARCHAR} </select> @@ -110,7 +110,7 @@ ) VALUES ( #{object.name,jdbcType=VARCHAR}, - #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer + #{object.parentIdentifier,jdbcType=INTEGER}::integer ) </insert> @@ -119,7 +119,7 @@ <update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> UPDATE guacamole_sharing_profile SET sharing_profile_name = #{object.name,jdbcType=VARCHAR}, - primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer + primary_connection_id = #{object.parentIdentifier,jdbcType=INTEGER}::integer WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}::integer </update>
