necouchman commented on a change in pull request #389:
URL: https://github.com/apache/guacamole-client/pull/389#discussion_r443165828
##########
File path:
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java
##########
@@ -427,16 +427,22 @@ public InternalType
retrieveObject(ModeledAuthenticatedUser user,
protected Collection<ObjectPermissionModel>
getImplicitPermissions(ModeledAuthenticatedUser user,
ModelType model) {
+ // Get the user model and check for an entity ID.
+ UserModel userModel = user.getUser().getModel();
+ Integer entityId = userModel.getEntityID();
+ if (entityId == null)
+ return Collections.emptyList();
Review comment:
Yep, exactly. So, I think the way it's working right now is desirable,
as the `IMPLICIT_USER_PERMISSIONS` are granted (user can `READ` self), and the
administrative permissions granted by `super.getImplicitPermissions()` are not
granted. I just don't know if everything is set up in the best possible way or
if there's a different/better way to accomplish that.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
