On Fri, Oct 11, 2024 at 15:23 CEST Nick Couchman <vn...@apache.org>
wrote:
On Fri, Oct 11, 2024 at 8:53 AM Marcel Steiner <marcel.stei...@uni-ulm.de>
wrote:
>
> Hey everyone,
>
> We’re using Guacamole for remote learning. Our goal is to improve
> Guacamole for this purpose. One of our planned features is to add more
> attributes to the activeConnections. To be able to change these new
> attributes, we then need to make the activeConnections updatable (only for
> the owner of the specific activeConnection). Are there any reasons why it
> might not be a good idea to make them updatable? Possibly security-related
> reasons?
>
>
Can you share a little more detail on what you're trying to add for the
ActiveConnection objects, and what you intend to do with that information?
Yes, there are security reasons why you wouldn't want to allow just anyone
to access or update active connection objects, and there may be a better
place to put that data, depending on what it is you're trying to do.
-Nick
Thanks for your quick reply.
We use guacamole for remote learning and are very happy with it. One advantage
is that our students do not have to download and install the programs
themselves, but they are already set up on a remote tool server. All they have
to do is connect to the server with a browser. Another important point is that
the students do not have to share their entire screen with the teacher, but
only their guacamole session. This prevents students' private or business data
from being exposed unintentionally.
For learning purposes, it is important that the teacher can “look over the
student's shoulder” (join the student's session) to see how they are
progressing and if they need help.
With multiple students (15-25) it is difficult to create and manage the
required sharing links. We need to explain to everyone how to open the menu
window and how to create a sharing link. Then all students have to send the
links with a messenger (e.g. mail) to the teachers. The teachers then need to
create a table with names and associated links. We would like to simplify this
process.
Our idea:
* In the user settings, the user (student) should have the option of allowing
the administrator (teacher) to join their sessions in general. * If this user
then starts a session, a shareLink is automatically created, which is then
displayed in the administrator's settings_sessions_table.
The students would no longer have to create the links manually each time and
send them to the teacher. The teachers would have an overview of all students
and their shareLinks directly in the settings_sessions table and could simply
join their sessions.
As a possible implementation of this idea we have thought about:
* Extend user settings/preference service with administrator access setting *
The Administrator access setting has 3 possible states:
* REFUSE: Admin is not allowed to join sessions automatically * READONLY:
Admin is allowed to join the sessions with read-only rights * READWRITE: Admin
is allowed to join the sessions with read-write rights * Each time a new
session is created, the system checks the administrator access setting and
whether the necessary sharing profiles exist. * If the administrator is allowed
automatic access to the session and the appropriate sharingProfile exists, a
shareLink is created and added to the specific ActiveConnection object using a
request. * The shareLink appears in a new column in the administrator's
settings-sessions table
But these are just our thoughts. Maybe there is a much better way to implement
this feature. We are open to suggestions and look forward to any support.
-Marcel
