Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/301#discussion_r194934397
--- Diff:
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
---
@@ -110,21 +110,21 @@ public TrackedActiveConnection
retrieveObject(ModeledAuthenticatedUser user,
@Override
public void deleteObject(ModeledAuthenticatedUser user, String
identifier)
throws GuacamoleException {
-
- // Only administrators may delete active connections
- if (!user.getUser().isAdministrator())
- throw new GuacamoleSecurityException("Permission denied.");
-
+
// Close connection, if it exists (and we have permission)
ActiveConnection activeConnection = retrieveObject(user,
identifier);
- if (activeConnection != null) {
+ if (activeConnection != null &&
+ (user.getUser().isAdministrator()
+ ||
user.getIdentifier().equals(activeConnection.getUsername()))) {
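Review bot: the combined condition `activeConnection != null && (user.getUser().isAdministrator() || ...)` makes a denied delete indistinguishable from a missing connection. The removed lines threw `GuacamoleSecurityException("Permission denied.")` for non-administrators; with this change, a caller who is neither an administrator nor the owner falls past the `if` with no exception. Consider keeping the null check on its own and throwing the same exception when the connection exists but the caller fails the administrator-or-owner test, so that refused kill attempts still surface to the caller and in logs. The ownership test is a plain string comparison of `user.getIdentifier()` against `activeConnection.getUsername()`, so a short comment stating that both values are in the same form (case, any provider qualification) would help the next reader. The added line that contains only whitespace can also be dropped.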
--- End diff --
Okay, I've taken a stab at implementing this, though it was slightly
different from the `ConnectionService` and `UserService` object types. Those
seem to extend the `ModeledChildDirectoryObjectService`, which has abstracts in
it for the `hasObjectPermissions()` and `getPermissionSet()` methods.
`ActiveConnectionService`, on the other hand, extends `DirectoryObjectService`,
which does not have such methods. So, I wasn't sure if just implementing them
in `ActiveConnectionService` as `private` methods was okay, if
`ActiveConnectionService` should somehow be reworked to extend the
`ModeledChildDirectoryObjectService` class (this doesn't seem right since
`ActiveConnection` objects aren't modeling/modeled by anything), or if
`DirectoryObjectService` should add some method declarations for the permission
checks?
Also, not sure if there is anywhere in the JS code that I should modify to
make use of these permissions...
---