Hi all, I'm currently mid-refactor [1] as I propagate the schema changes for user groups [2] through the database auth. Before I get too far with this, I wanted to run the current changes by everyone to make sure things are sane.
Overall, user groups are represented by the usual set of tables that each object has within the database schema: - guacamole_user_group - guacamole_user_group_permission - guacamole_user_group_attribute In addition, to link a user group with its set of member users/groups, we have: - guacamole_user_group_member As permissions can now be granted to both users and groups, rather than double the number of permissions tables, I chose to create a base table common to both users and groups: - guacamole_entity This table contains simply an integer primary key, a type (either 'USER' or 'USER_GROUP'), and a name (which must be unique across all entities with the same type). The guacamole_user and guacamole_user_group tables have a foreign key into this table, and thus other relations can either be type-specific (require strictly a user or a group), or can point to both (this is also why we can have a single "guacamole_user_group_member" table and not one for user members and another for group members). For most queries, this makes little difference, however: - Creating a user (or a group) will require two inserts: one for the entity, and another for the user/group - Deleting a user/group will involve deleting the entity (and cascading the delete to the user/group) - Retrieving the name of a user/group will always involve a join against the entity table The WIP schema changes themselves (I'm working strictly with Postgres until everything is set in stone): https://github.com/mike-jumper/guacamole-client/commit/d9afe8a3370ea13228cb8fe001b072648526f66d Seem sane so far? - Mike [1] https://media.giphy.com/media/Mdct4RNEkGIrm/giphy.gif [2] https://issues.apache.org/jira/browse/GUACAMOLE-220
