GitHub user mike-jumper opened a pull request:
https://github.com/apache/guacamole-client/pull/319
GUACAMOLE-220: Add database support for user groups.
These changes add support within the guacamole-auth-jdbc-* schema for user
groups, providing group-based inheritance of permissions. There are a number of
changes involved, though most significant schema refactor is the switch from
`guacamole_user` to `guacamole_entity` as the basis for assigning permissions.
Each entry in `guacamole_user` and `guacamole_user_group` has a corresponding
entry in `guacamole_entity`, allowing permissions to be assigned to each
without duplicating the structures involved.
Upgrading MyBatis was also necessary in order to make use of features which
allow reuse of SQL fragments, which required a corresponding upgrade of Guice
and Guava.
To facilitate testing, I have written WIP tests for the REST API which
exercise the various queries involved, including a utility script which forces
creation of the database using the schema scripts of the previous release plus
the upgrade script for the current release. Not part of this change, but may
come in handy:
https://github.com/mike-jumper/guacamole-client/tree/rest-test
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/guacamole-client
user-group-database
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/guacamole-client/pull/319.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #319
----
commit e72f88febff5766345fa4a8f9086639ea997a2e9
Author: Michael Jumper <mjumper@...>
Date: 2018-03-02T22:45:33Z
GUACAMOLE-220: Define base schema for user groups.
commit d95e05961275a773aa689adac6dae7d204426201
Author: Michael Jumper <mjumper@...>
Date: 2018-04-03T18:17:31Z
GUACAMOLE-220: Refactor user-related model objects and services to leverage
the base "entity" model.
commit b499092d06b7cd578fb349f41d228d472de39278
Author: Michael Jumper <mjumper@...>
Date: 2018-04-03T21:23:56Z
GUACAMOLE-220: Update SQL queries to use guacamole_entity table where
applicable.
commit 72bac09f433de23654b66dbee0f2d5fd6a55e48c
Author: Michael Jumper <mjumper@...>
Date: 2018-04-04T00:53:26Z
GUACAMOLE-220: Add explicit mapper for entities (the basis for users and
groups).
commit 0a69630cbb0f80cd819136dce4127dfa6366e1a2
Author: Michael Jumper <mjumper@...>
Date: 2018-04-04T04:32:38Z
GUACAMOLE-220: Implement base API changes within database auth allowing for
permission inheritance.
commit a1553979478bfcbd53ff28558c8e7bf2947afa46
Author: Michael Jumper <mjumper@...>
Date: 2018-04-05T04:07:49Z
GUACAMOLE-220: Implement permission inheritance within SQL queries.
commit 6e71f330b8f8108751fa2fee2b5adea1ae6aecae
Author: Michael Jumper <mjumper@...>
Date: 2018-04-06T20:46:36Z
GUACAMOLE-220: Move JDBC handling of effective groups to
RemoteAuthenticatedUser level. Stub out retrieval of effective groups.
commit 14d10fb42abb59515bd58ce04245bd655be3b056
Author: Michael Jumper <mjumper@...>
Date: 2018-04-06T21:10:52Z
GUACAMOLE-220: Inherit from groups even if not determined by database.
commit 69f58c8ca314c44822e0eaab354b5f722a01ac89
Author: Michael Jumper <mjumper@...>
Date: 2018-04-08T02:10:38Z
GUACAMOLE-220: Refactor handling of JDBC permissions to abstract away users
vs. user groups.
commit 199f518cdb7e888de1f574d871e5f3847041a327
Author: Michael Jumper <mjumper@...>
Date: 2018-04-08T07:16:12Z
GUACAMOLE-220: Use effective permissions when deciding whether a user has
permission to perform an action.
commit c5c2984151cc63ab278eb0884a225fd785c9d03f
Author: Michael Jumper <mjumper@...>
Date: 2018-04-08T07:08:36Z
GUACAMOLE-220: Map and query user group tables.
commit a39d86379730f5a163e8a2c96ac5f9ecaeefa4ec
Author: Michael Jumper <mjumper@...>
Date: 2018-04-08T07:27:16Z
GUACAMOLE-220: Take group "disabled" flag into account when determining
effective groups. Do not inherit from nor apply disabled groups.
commit 8f06b7a3f9293254a546914dd403e322546fe03b
Author: Michael Jumper <mjumper@...>
Date: 2018-04-10T19:16:11Z
GUACAMOLE-220: Define base interfaces for mapping RelatedObjectSets to the
database.
commit ccd7920b2238de6d634336c3c6e2a8b13fa7d2f8
Author: Michael Jumper <mjumper@...>
Date: 2018-04-10T20:16:34Z
GUACAMOLE-220: Map and allow manipulation of the user members of user
groups.
commit 63be247db6ca3292afec9ecc532c3bd88d3a7ed0
Author: Michael Jumper <mjumper@...>
Date: 2018-04-10T20:39:16Z
GUACAMOLE-220: Map and allow manipulation of the user group members of user
groups.
commit 856ab44373df4e6b458c3c9c63536afb17af265e
Author: Michael Jumper <mjumper@...>
Date: 2018-04-10T21:31:13Z
GUACAMOLE-220: Map and allow manipulation of the user group parents of user
groups.
commit 2999c560980d48bcf58befebbc6d9dde98db3a36
Author: Michael Jumper <mjumper@...>
Date: 2018-04-10T22:18:38Z
GUACAMOLE-220: Map and allow manipulation of the user group parents of
users.
commit 48948fc24565f28ba4c98974332364022576f538
Author: Michael Jumper <mjumper@...>
Date: 2018-04-20T06:50:19Z
GUACAMOLE-220: Add missing JDBC-specific USER_GROUP_ATTRIBUTES translation
strings.
commit 1d0fcc1732fded614707b0e425af89eca0526e6a
Author: Michael Jumper <mjumper@...>
Date: 2018-09-08T03:49:13Z
GUACAMOLE-220: Add MySQL and SQL Server versions of user group schema.
commit 78d5e3b9d746f9f5994d59c46d3d7f953c61a5be
Author: Michael Jumper <mjumper@...>
Date: 2018-09-08T08:13:36Z
GUACAMOLE-220: Manually recurse through the group membership graph if the
database engine does not support recursive queries.
commit 204b6a4b2478eccec7e502fef517c80f87d146c9
Author: Michael Jumper <mjumper@...>
Date: 2018-09-08T18:36:54Z
GUACAMOLE-220: Update MySQL mapping with respect to user group support.
commit dec7b3c340dfe1ccd76292fc8e99ae4ec42dcc03
Author: Michael Jumper <mjumper@...>
Date: 2018-09-09T01:11:36Z
GUACAMOLE-220: Dynamically detect whether the MariaDB / MySQL server
supports recursive CTEs.
commit ee356201948c7d566b37733dcbe1fb0098d95a6d
Author: Michael Jumper <mjumper@...>
Date: 2018-09-09T01:52:10Z
GUACAMOLE-220: Update SQL Server mapping with respect to user group support.
commit 8399b252cd335d4d0e4b977cd8613e0fe2ed4a4a
Author: Michael Jumper <mjumper@...>
Date: 2018-09-17T05:33:12Z
GUACAMOLE-220: Detect cycles within recursive query. SQL Server cannot deal
with cycles on its own.
----
---
