GUACAMOLE-220: Map and allow manipulation of the user group parents of user groups.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/856ab443 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/856ab443 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/856ab443 Branch: refs/heads/master Commit: 856ab44373df4e6b458c3c9c63536afb17af265e Parents: 63be247 Author: Michael Jumper <mjum...@apache.org> Authored: Tue Apr 10 14:31:13 2018 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Wed Sep 19 23:56:52 2018 -0700
----------------------------------------------------------------------
.../jdbc/JDBCAuthenticationProviderModule.java | 2 + .../auth/jdbc/usergroup/ModeledUserGroup.java | 12 ++- .../UserGroupParentUserGroupMapper.java | 28 ++++++ .../usergroup/UserGroupParentUserGroupSet.java | 58 ++++++++++++ .../UserGroupParentUserGroupMapper.xml | 96 ++++++++++++++++++++ 5 files changed, 194 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/856ab443/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index ab7547f..2d4c67a 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -87,6 +87,7 @@ import org.apache.guacamole.auth.jdbc.usergroup.UserGroupDirectory;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserGroupMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserMapper;
+import org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupService;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
@@ -140,6 +141,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
 addMapperClass(UserGroupMapper.class);
 addMapperClass(UserGroupMemberUserGroupMapper.class);
 addMapperClass(UserGroupMemberUserMapper.class);
+ addMapperClass(UserGroupParentUserGroupMapper.class);
 addMapperClass(UserGroupPermissionMapper.class);
 addMapperClass(UserMapper.class);
 addMapperClass(UserPermissionMapper.class);
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/856ab443/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
index fcf1250..914a292 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java
@@ -35,7 +35,6 @@ import org.apache.guacamole.form.Field;
 import org.apache.guacamole.form.Form;
 import org.apache.guacamole.net.auth.RelatedObjectSet;
 import org.apache.guacamole.net.auth.UserGroup;
-import org.apache.guacamole.net.auth.simple.SimpleRelatedObjectSet;

 /**
 * An implementation of the UserGroup object which is backed by a database model.
@@ -75,6 +74,13 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>
 )));

 /**
+ * Provider for RelatedObjectSets containing the user groups of which this
+ * user group is a member.
+ */
+ @Inject
+ private Provider<UserGroupParentUserGroupSet> parentUserGroupSetProvider;
+
+ /**
 * Provider for RelatedObjectSets containing the users that are members of
 * this user group.
 */
@@ -184,7 +190,9 @@ public class ModeledUserGroup extends ModeledPermissions<UserGroupModel>

 @Override
 public RelatedObjectSet getUserGroups() throws GuacamoleException {
- return new SimpleRelatedObjectSet();
+ UserGroupParentUserGroupSet parentUserGroupSet = parentUserGroupSetProvider.get();
+ parentUserGroupSet.init(getCurrentUser(), this);
+ return parentUserGroupSet;
 }

 @Override
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/856ab443/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.java
new file mode 100644
index 0000000..37433cc
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.usergroup;
+
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+
+/**
+ * Mapper for the one-to-many relationship between a user group and its
+ * containing user groups.
+ */
+public interface UserGroupParentUserGroupMapper extends ObjectRelationMapper<UserGroupModel> {}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/856ab443/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupSet.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupSet.java
new file mode 100644
index 0000000..ee1f8ef
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupSet.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.usergroup;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * RelatedObjectSet implementation which represents the one-to-many
+ * relationship between a particular user group and its containing user groups.
+ */
+public class UserGroupParentUserGroupSet extends RelatedObjectSet<ModeledUserGroup, UserGroupModel> {
+
+ /**
+ * Mapper for the relation between user groups and their containing user
+ * groups.
+ */
+ @Inject
+ private UserGroupParentUserGroupMapper userGroupParentUserGroupMapper;
+
+ @Override
+ protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {
+ return userGroupParentUserGroupMapper;
+ }
+
+ @Override
+ protected ObjectPermissionSet
+ getParentObjectEffectivePermissionSet() throws GuacamoleException {
+ return getCurrentUser().getUser().getEffectivePermissions().getUserGroupPermissions();
+ }
+
+ @Override
+ protected ObjectPermissionSet getChildObjectEffectivePermissionSet()
+ throws GuacamoleException {
+ return getCurrentUser().getUser().getEffectivePermissions().getUserGroupPermissions();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/856ab443/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml
new file mode 100644
index 0000000..035211c
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/usergroup/UserGroupParentUserGroupMapper.xml
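Review bot: The two permission overrides in `UserGroupParentUserGroupSet` carry no Javadoc, and their naming is inverted relative to what the class models: the "parent" object of this set is the member group passed in through `init(getCurrentUser(), this)`, while its "children" are the groups that contain it (the PostgreSQL mapper binds `parent.entityID` to `member_entity_id`). Both methods return the current user's user group permissions, so the checks performed by the base `RelatedObjectSet` (not visible in this diff) decide who may place one group inside another, which presumably lets the member inherit whatever the containing group is granted. I would document that on each override, for example `// "Parent" is the member group being edited; "children" are the user groups that contain it.`, and state in the Javadoc which permission is expected on each side of the relation.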
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+ "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper" >
+
+ <!-- Select the names of all parent user groups -->
+ <select id="selectChildIdentifiers" resultType="string">
+ SELECT name
+ FROM guacamole_user_group_member
+ JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id
+ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id
+ WHERE
+ guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ </select>
+
+ <!-- Select the names of all readable parent user groups -->
+ <select id="selectReadableChildIdentifiers" resultType="string">
+ SELECT guacamole_entity.name
+ FROM guacamole_user_group_member
+ JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id
+ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id
+ JOIN guacamole_user_group_permission ON affected_user_group_id = guacamole_user_group.user_group_id
+ WHERE
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
+ <property name="column" value="guacamole_user_group_permission.entity_id"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ <property name="groups" value="effectiveGroups"/>
+ </include>
+ AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ AND permission = 'READ'
+ </select>
+
+ <!-- Delete parent groups by name -->
+ <delete id="delete">
+ DELETE FROM guacamole_user_group_member
+ USING guacamole_user_group, guacamole_entity
+ WHERE
+ member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
+ AND guacamole_entity.entity_id = guacamole_user_group.entity_id
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ AND guacamole_entity.name IN
+ <foreach collection="children" item="identifier"
+ open="(" separator="," close=")">
+ #{identifier,jdbcType=VARCHAR}
+ </foreach>
+ </delete>
+
+ <!-- Insert parent groups by name -->
+ <insert id="insert">
+ INSERT INTO guacamole_user_group_member (
+ user_group_id,
+ member_entity_id
+ )
+ SELECT DISTINCT
+ guacamole_user_group.user_group_id,
+ #{parent.entityID,jdbcType=INTEGER}
+ FROM guacamole_user_group
+ JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
+ WHERE
+ guacamole_entity.name IN
+ <foreach collection="children" item="identifier"
+ open="(" separator="," close=")">
+ #{identifier,jdbcType=VARCHAR}
+ </foreach>
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ AND guacamole_user_group.user_group_id NOT IN (
+ SELECT guacamole_user_group_member.user_group_id
+ FROM guacamole_user_group_member
+ WHERE guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ )
+ </insert>
+
+</mapper>
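Review bot: The `insert` statement never excludes the group being edited, so if `children` contains that group's own name the SELECT pairs its `user_group_id` with its own `parent.entityID` and the group becomes a member of itself. Longer cycles (A in B, B in A) are not prevented either; whether the code that expands effective groups tolerates them is outside this diff and should be confirmed. Adding `AND guacamole_user_group.entity_id != #{parent.entityID,jdbcType=INTEGER}` to the WHERE clause would at least reject direct self-membership at the database layer. Separately, `selectReadableChildIdentifiers` has no `DISTINCT`, so a name can presumably be returned more than once when READ is granted both directly and through a group; `SELECT DISTINCT guacamole_entity.name` would match what `insert` already does.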