mike-jumper commented on a change in pull request #523:
URL: https://github.com/apache/guacamole-client/pull/523#discussion_r441838667
##########
File path:
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
##########
@@ -82,21 +82,22 @@ public boolean hasPermission(ModeledAuthenticatedUser user,
// Retrieve permissions only if allowed
if (canReadPermissions(user, targetEntity)) {
- // Only administrators may access active connections
- boolean isAdmin = targetEntity.isAdministrator();
+ // Administrators may always access active connections
+ boolean isAdmin = targetEntity.isPrivileged();
// Get all active connections
Collection<ActiveConnectionRecord> records =
tunnelService.getActiveConnections(user);
// We have READ, and possibly DELETE, on all active connections
- Set<ObjectPermission> permissions = new
HashSet<ObjectPermission>();
+ Set<ObjectPermission> permissions = new HashSet<>();
for (ActiveConnectionRecord record : records) {
// Add implicit READ
String identifier = record.getUUID().toString();
permissions.add(new
ObjectPermission(ObjectPermission.Type.READ, identifier));
- // If we're an admin, or the connection is ours, then we can
DELETE
+ // If the target use is an admin, or the connection belongs to
Review comment:
Oops.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
