http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index ffca72d..37841de 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -69,12 +69,11 @@ SELECT connection_group_id FROM guacamole_connection_group_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ' </select> @@ -95,12 +94,11 @@ WHERE <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if> <if test="parentIdentifier == null">parent_id IS NULL</if> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ' </select> @@ -171,12 +169,11 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer </foreach> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; SELECT parent_id, guacamole_connection_group.connection_group_id @@ -187,12 +184,11 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer </foreach> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; SELECT parent_id, guacamole_connection.connection_id @@ -203,12 +199,11 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer </foreach> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; SELECT @@ -222,12 +217,11 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer </foreach> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; </select>
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index a21b7d5..4ce168d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -40,12 +40,11 @@ connection_group_id FROM guacamole_connection_group_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> </select> @@ -58,12 +57,11 @@ connection_group_id FROM guacamole_connection_group_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer @@ -75,12 +73,11 @@ SELECT DISTINCT connection_group_id FROM guacamole_connection_group_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND connection_group_id IN <foreach collection="identifiers" item="identifier" open="(" separator="," close=")"> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml index 5d911de..68968d7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -40,12 +40,11 @@ connection_id FROM guacamole_connection_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> </select> @@ -58,12 +57,11 @@ connection_id FROM guacamole_connection_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_id = #{identifier,jdbcType=INTEGER}::integer @@ -75,12 +73,11 @@ SELECT DISTINCT connection_id FROM guacamole_connection_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND connection_id IN <foreach collection="identifiers" item="identifier" open="(" separator="," close=")"> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml index 68b3032..4594c05 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml @@ -40,13 +40,11 @@ sharing_profile_id FROM guacamole_sharing_profile_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) - + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> </select> @@ -59,12 +57,11 @@ sharing_profile_id FROM guacamole_sharing_profile_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer @@ -76,12 +73,11 @@ SELECT DISTINCT sharing_profile_id FROM guacamole_sharing_profile_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND sharing_profile_id IN <foreach collection="identifiers" item="identifier" open="(" separator="," close=")"> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml index 25ebf97..ae86302 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml @@ -38,12 +38,11 @@ permission FROM guacamole_system_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> </select> @@ -55,12 +54,11 @@ permission FROM guacamole_system_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type </select> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index e5a844a..bd3ff93 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -42,12 +42,11 @@ JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND affected_entity.type = 'USER'::guacamole_entity_type </select> @@ -63,12 +62,11 @@ JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.type = 'USER'::guacamole_entity_type @@ -83,12 +81,11 @@ JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id WHERE - guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="inherit"/> - <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND affected_entity.name IN <foreach collection="identifiers" item="identifier" open="(" separator="," close=")"> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml index febf540..62548d7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml @@ -52,12 +52,11 @@ SELECT sharing_profile_id FROM guacamole_sharing_profile_permission WHERE - entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ' </select> @@ -104,12 +103,11 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer </foreach> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; SELECT @@ -123,12 +121,11 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer </foreach> - AND entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; </select> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index 654351f..25d7659 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -70,16 +70,53 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id WHERE - guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND guacamole_entity.type = 'USER'::guacamole_entity_type AND permission = 'READ' </select> + <!-- Select names of all effective (including inherited) groups --> + <select id="selectEffectiveGroupIdentifiers" resultType="string"> + + WITH RECURSIVE related_entity(entity_id) AS ( + SELECT + guacamole_user_group.entity_id + FROM guacamole_user_group + JOIN guacamole_user_group_member ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id + WHERE + guacamole_user_group_member.member_entity_id = #{user.entityID} + <if test="!effectiveGroups.isEmpty()"> + UNION + SELECT + guacamole_entity.entity_id + FROM guacamole_entity + WHERE + type = 'USER_GROUP'::guacamole_entity_type + AND name IN + <foreach collection="effectiveGroups" item="effectiveGroup" + open="(" separator="," close=")"> + #{effectiveGroup,jdbcType=VARCHAR} + </foreach> + </if> + UNION + SELECT + guacamole_user_group.entity_id + FROM related_entity + JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id + JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id + ) + SELECT name + FROM related_entity + JOIN guacamole_entity ON related_entity.entity_id = guacamole_entity.entity_id + WHERE + guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type; + + </select> + <!-- Select multiple users by username --> <select id="select" resultMap="UserResultMap" resultSets="users,arbitraryAttributes"> @@ -163,12 +200,11 @@ #{identifier,jdbcType=VARCHAR} </foreach> AND guacamole_entity.type = 'USER'::guacamole_entity_type - AND guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ' GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; @@ -186,12 +222,11 @@ #{identifier,jdbcType=VARCHAR} </foreach> AND guacamole_entity.type = 'USER'::guacamole_entity_type - AND guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND permission = 'READ'; </select> http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/14d10fb4/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index 862e2d7..6311a25 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml @@ -156,12 +156,11 @@ <!-- Restrict to readable users --> JOIN guacamole_user_permission ON guacamole_user_history.user_id = guacamole_user_permission.affected_user_id - AND guacamole_user_permission.entity_id IN ( - <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities"> - <property name="inheritFlag" value="true"/> - <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> - </include> - ) + AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> + <property name="column" value="guacamole_user_permission.entity_id"/> + <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> + <property name="groups" value="effectiveGroups"/> + </include> AND guacamole_user_permission.permission = 'READ' <!-- Search terms -->