Github user necouchman commented on a diff in the pull request:

    https://github.com/apache/guacamole-client/pull/301#discussion_r196253739
  
    --- Diff: 
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
 ---
    @@ -111,20 +113,19 @@ public TrackedActiveConnection 
retrieveObject(ModeledAuthenticatedUser user,
         public void deleteObject(ModeledAuthenticatedUser user, String 
identifier)
             throws GuacamoleException {
     
    -        // Only administrators may delete active connections
    -        if (!user.getUser().isAdministrator())
    -            throw new GuacamoleSecurityException("Permission denied.");
    -
    -        // Close connection, if it exists (and we have permission)
    +        // Close connection, if it exists and we have permission
             ActiveConnection activeConnection = retrieveObject(user, 
identifier);
    -        if (activeConnection != null) {
    +        if (activeConnection != null 
    +                && hasObjectPermissions(user, identifier, 
ObjectPermission.Type.DELETE)) {
     
                 // Close connection if not already closed
                 GuacamoleTunnel tunnel = activeConnection.getTunnel();
                 if (tunnel != null && tunnel.isOpen())
                     tunnel.close();
     
             }
    +        else
    +            throw new GuacamoleSecurityException("Permission denied.");
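Review bot: The trailing else in deleteObject throws GuacamoleSecurityException("Permission denied.") for two different cases, because the combined condition is false both when retrieveObject(user, identifier) returns null and when hasObjectPermissions(user, identifier, ObjectPermission.Type.DELETE) fails. With the old code an administrator deleting a connection that no longer existed got a silent no-op; with this hunk the same call is reported as a permission failure. If that is the intended behaviour, the comment above the lookup should say so; otherwise test the DELETE permission on its own and throw on failure, then return quietly when activeConnection is null. It is also worth confirming that hasObjectPermissions still passes for administrators now that the explicit isAdministrator() check is removed, and adding braces to the else so it matches the braced if.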
    --- End diff --
    
    Adjusted to behave as defined.

