Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/301#discussion_r196267141
--- Diff:
guacamole/src/main/webapp/app/navigation/services/userPageService.js ---
@@ -257,15 +257,23 @@
angular.module('navigation').factory('userPageService', ['$injector',
canManageConnections.push(dataSource);
}
- // Determine whether the current user needs access to the
session management UI or view connection history
+ // Determine whether the current user needs access to view
connection history
if (
- // A user must be a system administrator to manage
sessions
+ // A user must be a system administrator to view
connection records
PermissionSet.hasSystemPermission(permissions,
PermissionSet.SystemPermissionType.ADMINISTER)
) {
- canManageSessions.push(dataSource);
canViewConnectionRecords.push(dataSource);
}
+ // Determine whether the current user needs access to view
session management
+ if (
+ // Permission to manage active sessions.
+ PermissionSet.hasSystemPermission(permissions,
PermissionSet.SystemPermissionType.ADMINISTER)
+ ||
PermissionSet.hasActiveConnectionPermission(permissions,
PermissionSet.ObjectPermissionType.DELETE)
--- End diff --
Also regarding that corner case, such a connection could be configured to
allow only one concurrent user. The user attempting to connect would be
disallowed with a warning that the connection is in use. If they wish to kick
off the existing session (and have permission to do so), they could then open
the menu with Ctrl+Alt+Shift, go to Settings, and manually kill it.
---
