[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1218574960
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/calendar/TimeRestrictionParser.java:
##
@@ -0,0 +1,180 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.calendar;
+
+import java.time.DayOfWeek;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A class for parsing time-based restrictions stored in a String into other
+ * formats that can be used by Guacamole.
+ */
+public class TimeRestrictionParser {
+
+/**
+ * The compiled regular expression that matches one or more instances of
+ * a restriction string, which specifies at least one day and time range
+ * that the restriction applies to.
+ *
+ * Examples of valid restrictions are as follows:
+ *
+ * 1:0700-1700 - Monday from 07:00 to 17:00
+ * 7:-2359 - Sunday, all day (00:00 to 23:59)
+ * wd:0900-1700 - Monday through Friday, 09:00 to 17:00
+ * we:0900-1700 - Saturday and Sunday, 09:00 to 17:00
+ * 6:0900-1600;7:1200-1300 - Saturday, 09:00 to 16:00, and Sunday,
+ * 12:00 - 13:00
+ *
+ */
+private static final Pattern RESTRICTION_REGEX =
+
Pattern.compile("(?:^|;)+([1-7*]|(?:[w][ed]))(?::((?:[01][0-9]|2[0-3])[0-5][0-9])\\-((?:[01][0-9]|2[0-3])[0-5][0-9]))+");
+
+/**
+ * The RegEx group that contains the start day-of-week of the restriction.
+ */
+private static final int RESTRICTION_DAY_GROUP = 1;
+
+/**
+ * The RegEx group that contains the start time of the restriction.
+ */
+private static final int RESTRICTION_TIME_START_GROUP = 2;
+
+/**
+ * The RegEx group that contains the end time of the restriction.
+ */
+private static final int RESTRICTION_TIME_END_GROUP = 3;
+
+/**
+ * A list of DayOfWeek items that make up weekdays.
+ */
+private static final List RESTRICTION_WEEKDAYS = Arrays.asList(
+DayOfWeek.MONDAY,
+DayOfWeek.TUESDAY,
+DayOfWeek.WEDNESDAY,
+DayOfWeek.THURSDAY,
+DayOfWeek.FRIDAY
+);
+
+/**
+ * A list of DayOfWeek items that make up weekends.
+ */
+private static final List RESTRICTION_WEEKEND = Arrays.asList(
+DayOfWeek.SATURDAY,
+DayOfWeek.SUNDAY
+);
Review Comment:
Well, what I was imagining was that you could have both blacklist and
whitelist rules, each of which can contain a day and/or time.
So for the workday-only case, you could have 3 rules:
1. Whitelist of 9AM to 5PM
2. Blacklist Saturday
3. Blacklist Sunday
That wouldn't require the code knowing about the concept of a weekend or
require the field to be able to handle different days in a single rule, and
it'd be pretty easy to either change the restricted days (i.e. weekends) or
change the working hours.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1218574960
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/calendar/TimeRestrictionParser.java:
##
@@ -0,0 +1,180 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.calendar;
+
+import java.time.DayOfWeek;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A class for parsing time-based restrictions stored in a String into other
+ * formats that can be used by Guacamole.
+ */
+public class TimeRestrictionParser {
+
+/**
+ * The compiled regular expression that matches one or more instances of
+ * a restriction string, which specifies at least one day and time range
+ * that the restriction applies to.
+ *
+ * Examples of valid restrictions are as follows:
+ *
+ * 1:0700-1700 - Monday from 07:00 to 17:00
+ * 7:-2359 - Sunday, all day (00:00 to 23:59)
+ * wd:0900-1700 - Monday through Friday, 09:00 to 17:00
+ * we:0900-1700 - Saturday and Sunday, 09:00 to 17:00
+ * 6:0900-1600;7:1200-1300 - Saturday, 09:00 to 16:00, and Sunday,
+ * 12:00 - 13:00
+ *
+ */
+private static final Pattern RESTRICTION_REGEX =
+
Pattern.compile("(?:^|;)+([1-7*]|(?:[w][ed]))(?::((?:[01][0-9]|2[0-3])[0-5][0-9])\\-((?:[01][0-9]|2[0-3])[0-5][0-9]))+");
+
+/**
+ * The RegEx group that contains the start day-of-week of the restriction.
+ */
+private static final int RESTRICTION_DAY_GROUP = 1;
+
+/**
+ * The RegEx group that contains the start time of the restriction.
+ */
+private static final int RESTRICTION_TIME_START_GROUP = 2;
+
+/**
+ * The RegEx group that contains the end time of the restriction.
+ */
+private static final int RESTRICTION_TIME_END_GROUP = 3;
+
+/**
+ * A list of DayOfWeek items that make up weekdays.
+ */
+private static final List RESTRICTION_WEEKDAYS = Arrays.asList(
+DayOfWeek.MONDAY,
+DayOfWeek.TUESDAY,
+DayOfWeek.WEDNESDAY,
+DayOfWeek.THURSDAY,
+DayOfWeek.FRIDAY
+);
+
+/**
+ * A list of DayOfWeek items that make up weekends.
+ */
+private static final List RESTRICTION_WEEKEND = Arrays.asList(
+DayOfWeek.SATURDAY,
+DayOfWeek.SUNDAY
+);
Review Comment:
Well, what I was imagining was that you could both blacklist and whitelist
rules, each of which can contain a day and/or time.
So for the workday-only case, you could have 3 rules:
1. Whitelist of 9AM to 5PM
2. Blacklist Saturday
3. Blacklist Sunday
That wouldn't require the code knowing about the concept of a weekend or
require the field to be able to handle different days in a single rule, and
it'd be pretty easy to either change the restricted days (i.e. weekends) or
change the working hours.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1218443978
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/calendar/TimeRestrictionParser.java:
##
@@ -0,0 +1,180 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.calendar;
+
+import java.time.DayOfWeek;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A class for parsing time-based restrictions stored in a String into other
+ * formats that can be used by Guacamole.
+ */
+public class TimeRestrictionParser {
+
+/**
+ * The compiled regular expression that matches one or more instances of
+ * a restriction string, which specifies at least one day and time range
+ * that the restriction applies to.
+ *
+ * Examples of valid restrictions are as follows:
+ *
+ * 1:0700-1700 - Monday from 07:00 to 17:00
+ * 7:-2359 - Sunday, all day (00:00 to 23:59)
+ * wd:0900-1700 - Monday through Friday, 09:00 to 17:00
+ * we:0900-1700 - Saturday and Sunday, 09:00 to 17:00
+ * 6:0900-1600;7:1200-1300 - Saturday, 09:00 to 16:00, and Sunday,
+ * 12:00 - 13:00
+ *
+ */
+private static final Pattern RESTRICTION_REGEX =
+
Pattern.compile("(?:^|;)+([1-7*]|(?:[w][ed]))(?::((?:[01][0-9]|2[0-3])[0-5][0-9])\\-((?:[01][0-9]|2[0-3])[0-5][0-9]))+");
+
+/**
+ * The RegEx group that contains the start day-of-week of the restriction.
+ */
+private static final int RESTRICTION_DAY_GROUP = 1;
+
+/**
+ * The RegEx group that contains the start time of the restriction.
+ */
+private static final int RESTRICTION_TIME_START_GROUP = 2;
+
+/**
+ * The RegEx group that contains the end time of the restriction.
+ */
+private static final int RESTRICTION_TIME_END_GROUP = 3;
+
+/**
+ * A list of DayOfWeek items that make up weekdays.
+ */
+private static final List RESTRICTION_WEEKDAYS = Arrays.asList(
+DayOfWeek.MONDAY,
+DayOfWeek.TUESDAY,
+DayOfWeek.WEDNESDAY,
+DayOfWeek.THURSDAY,
+DayOfWeek.FRIDAY
+);
+
+/**
+ * A list of DayOfWeek items that make up weekends.
+ */
+private static final List RESTRICTION_WEEKEND = Arrays.asList(
+DayOfWeek.SATURDAY,
+DayOfWeek.SUNDAY
+);
Review Comment:
On possibility would be to just get rid of the weekday / weekend distinction
- you can always still create a "employees can only log in between 9 and 5 on
M-F" sort of restriction like what I suggested in
https://github.com/apache/guacamole-client/pull/830#issuecomment-1506083282.
So I guess option 3 would be what I lean towards. Allowing configurable
weekdays / weekends sounds a bit overkill to me. I'm happy to be convinced
otherwise though. You could even possibly just skip the multi drop down, and
just add e.g. individual rules for Saturday and for Sunday.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1218443978
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/calendar/TimeRestrictionParser.java:
##
@@ -0,0 +1,180 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.calendar;
+
+import java.time.DayOfWeek;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A class for parsing time-based restrictions stored in a String into other
+ * formats that can be used by Guacamole.
+ */
+public class TimeRestrictionParser {
+
+/**
+ * The compiled regular expression that matches one or more instances of
+ * a restriction string, which specifies at least one day and time range
+ * that the restriction applies to.
+ *
+ * Examples of valid restrictions are as follows:
+ *
+ * 1:0700-1700 - Monday from 07:00 to 17:00
+ * 7:-2359 - Sunday, all day (00:00 to 23:59)
+ * wd:0900-1700 - Monday through Friday, 09:00 to 17:00
+ * we:0900-1700 - Saturday and Sunday, 09:00 to 17:00
+ * 6:0900-1600;7:1200-1300 - Saturday, 09:00 to 16:00, and Sunday,
+ * 12:00 - 13:00
+ *
+ */
+private static final Pattern RESTRICTION_REGEX =
+
Pattern.compile("(?:^|;)+([1-7*]|(?:[w][ed]))(?::((?:[01][0-9]|2[0-3])[0-5][0-9])\\-((?:[01][0-9]|2[0-3])[0-5][0-9]))+");
+
+/**
+ * The RegEx group that contains the start day-of-week of the restriction.
+ */
+private static final int RESTRICTION_DAY_GROUP = 1;
+
+/**
+ * The RegEx group that contains the start time of the restriction.
+ */
+private static final int RESTRICTION_TIME_START_GROUP = 2;
+
+/**
+ * The RegEx group that contains the end time of the restriction.
+ */
+private static final int RESTRICTION_TIME_END_GROUP = 3;
+
+/**
+ * A list of DayOfWeek items that make up weekdays.
+ */
+private static final List RESTRICTION_WEEKDAYS = Arrays.asList(
+DayOfWeek.MONDAY,
+DayOfWeek.TUESDAY,
+DayOfWeek.WEDNESDAY,
+DayOfWeek.THURSDAY,
+DayOfWeek.FRIDAY
+);
+
+/**
+ * A list of DayOfWeek items that make up weekends.
+ */
+private static final List RESTRICTION_WEEKEND = Arrays.asList(
+DayOfWeek.SATURDAY,
+DayOfWeek.SUNDAY
+);
Review Comment:
On possibility would be to just get rid of the weekday / weekend distinction
- you can always still create a "employees can only log in between 9 and 5 on
M-F" sort of restriction like what I suggested in
https://github.com/apache/guacamole-client/pull/830#issuecomment-1506083282.
So I guess option 3 would be what I lean towards. Allowing configurable
weekdays / weekends sounds a bit overkill to me. I'm happy to be convinced
otherwise though.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1175855164
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/hostRestrictionFieldController.js:
##
@@ -0,0 +1,168 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for host restriction fields, which are used to configure a
+ * hostname, IP address, or CIDR range, that this restriction applies to.
+ */
+angular.module('guacRestrict').controller('hostRestrictionFieldController',
['$scope', '$injector',
+function hostRestrictionFieldController($scope, $injector) {
+
+// Required types
+const HostRestrictionEntry = $injector.get('HostRestrictionEntry');
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+/**
+ * The restrictions, as objects, that are used by the HTML template to
+ * present the restrictions to the user via the web interface.
Review Comment:
This array should be annotated with the `@type` of item that it holds.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1175788159
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/user/RestrictUserContext.java:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict.user;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.connection.RestrictConnection;
+import
org.apache.guacamole.auth.restrict.connectiongroup.RestrictConnectionGroup;
+import org.apache.guacamole.auth.restrict.usergroup.RestrictUserGroup;
+import org.apache.guacamole.form.Form;
+import org.apache.guacamole.net.auth.Connection;
+import org.apache.guacamole.net.auth.ConnectionGroup;
+import org.apache.guacamole.net.auth.DecoratingDirectory;
+import org.apache.guacamole.net.auth.DelegatingUserContext;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.UserGroup;
+
+/**
+ * A UserContext implementation for additional login and connection
restrictions
+ * which wraps the UserContext of some other extension.
+ */
+public class RestrictUserContext extends DelegatingUserContext {
+
+/**
+ * The remote address from which this user logged in.
+ */
+String remoteAddress;
Review Comment:
Hmm, why is this not `private`? Or `final`? I don't see it updated or
accessed anywhere outside this class.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164760242
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/TranslatableInvalidHostLoginException.java:
##
@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import org.apache.guacamole.language.TranslatableGuacamoleClientException;
+import org.apache.guacamole.language.TranslatableMessage;
+
+/**
+ * An exception that represents an invalid login or connection due to
+ * restrictions based on the host from which the action should be allowed.
+ */
+public class TranslatableInvalidHostLoginException
+extends TranslatableGuacamoleClientException {
+
+/**
+ * The serial version ID of this class.
+ */
+private static final long serialVersionUID = 1L;
Review Comment:
Good call on adding these - I had forgotten that `Exception` is
`Serializable`, so this seems like the right thing to do. That said, do we
actually serialize any `GuacamoleException`s? We have a lot of subclasses
floating around without this field being defined...
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164754171
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/connectiongroup/RestrictConnectionGroup.java:
##
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict.connectiongroup;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.RestrictionVerificationService;
+import org.apache.guacamole.auth.restrict.form.HostRestrictionField;
+import org.apache.guacamole.auth.restrict.form.TimeRestrictionField;
+import org.apache.guacamole.form.Form;
+import org.apache.guacamole.net.GuacamoleTunnel;
+import org.apache.guacamole.net.auth.ConnectionGroup;
+import org.apache.guacamole.net.auth.DelegatingConnectionGroup;
+import org.apache.guacamole.protocol.GuacamoleClientInformation;
+
+/**
+ * A ConnectionGroup implementation that wraps another connection, providing
+ * additional ability to restrict the time that the connection group can be
+ * accessed and the remote addresses allowed to use the connection group.
+ */
+public class RestrictConnectionGroup extends DelegatingConnectionGroup {
+
+/**
+ * The name of the attribute that contains a list of weekdays and times
that
+ * this connection group can be accessed. The presence of values within
this
+ * attribute will automatically restrict use of the connections at any
+ * times that are not specified.
+ */
+public static final String RESTRICT_TIME_ALLOWED_ATTRIBUTE_NAME =
"guac-restrict-time-allowed";
+
+/**
+ * The name of the attribute that contains a list of weekdays and times
that
+ * this connection group cannot be accessed. Denied times will always take
+ * precedence over allowed times. The presence of this attribute without
+ * guac-restrict-time-allowed will deny access only during the times listed
+ * in this attribute, allowing access at all other times. The presence of
+ * this attribute along with the guac-restrict-time-allowed attribute will
+ * deny access at any times that overlap with the allowed times.
+ */
+public static final String RESTRICT_TIME_DENIED_ATTRIBUTE_NAME =
"guac-restrict-time-denied";
+
+/**
+ * The name of the attribute that contains a list of hosts from which a
user
+ * may access this connection group. The presence of this attribute will
+ * restrict access to only users accessing Guacamole from the list of hosts
+ * contained in the attribute, subject to further restriction by the
+ * guac-restrict-hosts-denied attribute.
+ */
+public static final String RESTRICT_HOSTS_ALLOWED_ATTRIBUTE_NAME =
"guac-restrict-hosts-allowed";
+
+/**
+ * The name of the attribute that contains a list of hosts from which
+ * a user may not access this connection group. The presence of this
+ * attribute, absent the guac-restrict-hosts-allowed attribute, will allow
+ * access from all hosts except the ones listed in this attribute. The
+ * presence of this attribute coupled with the guac-restrict-hosts-allowed
+ * attribute will block access from any hosts in this list, overriding any
+ * that may be allowed.
+ */
+public static final String RESTRICT_HOSTS_DENIED_ATTRIBUTE_NAME =
"guac-restrict-hosts-denied";
+
+/**
+ * The list of all connection group attributes provided by this
+ * ConnectionGroup implementation.
+ */
+public static final List RESTRICT_CONNECTIONGROUP_ATTRIBUTES =
Arrays.asList(
+RESTRICT_TIME_ALLOWED_ATTRIBUTE_NAME,
+RESTRICT_TIME_DENIED_ATTRIBUTE_NAME,
+RESTRICT_HOSTS_ALLOWED_ATTRIBUTE_NAME,
+RESTRICT_HOSTS_DENIED_ATTRIBUTE_NAME
+);
+
+/**
+ * The form containing the list of fields for the attributes provided
+ * by this module.
+ */
+public static final Form RESTRICT_CONNECTIONGROUP_FORM = new
Form("restrict-login-form",
+Arrays.a
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164752793
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/connectiongroup/RestrictConnectionGroup.java:
##
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict.connectiongroup;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.RestrictionVerificationService;
+import org.apache.guacamole.auth.restrict.form.HostRestrictionField;
+import org.apache.guacamole.auth.restrict.form.TimeRestrictionField;
+import org.apache.guacamole.form.Form;
+import org.apache.guacamole.net.GuacamoleTunnel;
+import org.apache.guacamole.net.auth.ConnectionGroup;
+import org.apache.guacamole.net.auth.DelegatingConnectionGroup;
+import org.apache.guacamole.protocol.GuacamoleClientInformation;
+
+/**
+ * A ConnectionGroup implementation that wraps another connection, providing
+ * additional ability to restrict the time that the connection group can be
+ * accessed and the remote addresses allowed to use the connection group.
+ */
+public class RestrictConnectionGroup extends DelegatingConnectionGroup {
+
+/**
+ * The name of the attribute that contains a list of weekdays and times
that
+ * this connection group can be accessed. The presence of values within
this
+ * attribute will automatically restrict use of the connections at any
+ * times that are not specified.
+ */
+public static final String RESTRICT_TIME_ALLOWED_ATTRIBUTE_NAME =
"guac-restrict-time-allowed";
+
+/**
+ * The name of the attribute that contains a list of weekdays and times
that
+ * this connection group cannot be accessed. Denied times will always take
+ * precedence over allowed times. The presence of this attribute without
+ * guac-restrict-time-allowed will deny access only during the times listed
+ * in this attribute, allowing access at all other times. The presence of
+ * this attribute along with the guac-restrict-time-allowed attribute will
+ * deny access at any times that overlap with the allowed times.
+ */
+public static final String RESTRICT_TIME_DENIED_ATTRIBUTE_NAME =
"guac-restrict-time-denied";
+
+/**
+ * The name of the attribute that contains a list of hosts from which a
user
+ * may access this connection group. The presence of this attribute will
+ * restrict access to only users accessing Guacamole from the list of hosts
+ * contained in the attribute, subject to further restriction by the
+ * guac-restrict-hosts-denied attribute.
+ */
+public static final String RESTRICT_HOSTS_ALLOWED_ATTRIBUTE_NAME =
"guac-restrict-hosts-allowed";
+
+/**
+ * The name of the attribute that contains a list of hosts from which
+ * a user may not access this connection group. The presence of this
+ * attribute, absent the guac-restrict-hosts-allowed attribute, will allow
+ * access from all hosts except the ones listed in this attribute. The
+ * presence of this attribute coupled with the guac-restrict-hosts-allowed
+ * attribute will block access from any hosts in this list, overriding any
+ * that may be allowed.
+ */
+public static final String RESTRICT_HOSTS_DENIED_ATTRIBUTE_NAME =
"guac-restrict-hosts-denied";
+
+/**
+ * The list of all connection group attributes provided by this
+ * ConnectionGroup implementation.
+ */
+public static final List RESTRICT_CONNECTIONGROUP_ATTRIBUTES =
Arrays.asList(
+RESTRICT_TIME_ALLOWED_ATTRIBUTE_NAME,
+RESTRICT_TIME_DENIED_ATTRIBUTE_NAME,
+RESTRICT_HOSTS_ALLOWED_ATTRIBUTE_NAME,
+RESTRICT_HOSTS_DENIED_ATTRIBUTE_NAME
+);
+
+/**
+ * The form containing the list of fields for the attributes provided
+ * by this module.
+ */
+public static final Form RESTRICT_CONNECTIONGROUP_FORM = new
Form("restrict-login-form",
+Arrays.a
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164746157
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java:
##
@@ -0,0 +1,337 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import inet.ipaddr.HostName;
+import inet.ipaddr.HostNameException;
+import inet.ipaddr.IPAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.connection.RestrictConnection;
+import org.apache.guacamole.auth.restrict.user.RestrictUser;
+import org.apache.guacamole.auth.restrict.usergroup.RestrictUserGroup;
+import org.apache.guacamole.calendar.DailyRestriction;
+import org.apache.guacamole.calendar.TimeRestrictionParser;
+import org.apache.guacamole.host.HostRestrictionParser;
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.UserGroup;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Service for verifying additional user login restrictions against a given
+ * login attempt.
+ */
+public class RestrictionVerificationService {
+
+/**
+ * Logger for this class.
+ */
+private static final Logger LOGGER =
LoggerFactory.getLogger(RestrictionVerificationService.class);
+
+/**
+ * Parse out the provided strings of allowed and denied times, verifying
+ * whether or not a login or connection should be allowed at the current
+ * day and time. A boolean true will be returned if the action should be
+ * allowed, otherwise false will be returned.
+ *
+ * @param allowedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be allowed at the current time, or
+ * null or an empty string if there are no specific allowed times
defined.
+ *
+ * @param deniedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be denied at the current time, or
null
+ * or an empty string if there are no specific times during which a
+ * action should be denied.
+ *
+ * @return
+ * True if the login or connection should be allowed, otherwise false.
+ */
+private static boolean allowedByTimeRestrictions(String allowedTimeString,
+String deniedTimeString) {
+
+// Check for denied entries, first, returning false if the login or
+// connection should not be allowed.
+if (deniedTimeString != null && !deniedTimeString.isEmpty()) {
+List deniedTimes =
+TimeRestrictionParser.parseString(deniedTimeString);
+
+for (DailyRestriction restriction : deniedTimes) {
+if (restriction.appliesNow())
+return false;
+}
+}
+
+// If no allowed entries are present, return true, allowing the login
+// or connection to continue.
+if (allowedTimeString == null || allowedTimeString.isEmpty())
+return true;
+
+List allowedTimes =
+TimeRestrictionParser.parseString(allowedTimeString);
+
+// Allowed entries are present, loop through them and check for a
valid time.
+for (DailyRestriction restriction : allowedTimes) {
+// If this time allows the login or connection return true.
+if (restriction.appliesNow())
+return true;
+}
+
+// We have allowed entries, but login hasn't matched, so deny it.
+return false;
+
+}
+
+/**
+ * Given the strings of allowed and denied hosts, verif
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164745589
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/host/HostRestrictionParser.java:
##
@@ -0,0 +1,77 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.host;
+
+import inet.ipaddr.HostName;
+import inet.ipaddr.HostNameException;
+import java.util.ArrayList;
+import java.util.List;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * A utility class that parses a string for a set of IPv4 or IPv6 addresses,
+ * or hostnames, splitting the string into a list of components.
+ */
+public class HostRestrictionParser {
+
+/**
+ * The logger for this class.
+ */
+private static final Logger LOGGER =
LoggerFactory.getLogger(HostRestrictionParser.class);
+
+/**
+ * Parse the provided string into a List of HostName objects, validating
+ * that each item is an IP address, subnet, and/or DNS name.
+ *
+ * @param hostString
+ * The string that contains a semi-colon-separated list of items to
+ * parse.
+ *
+ * @return
+ * A List of HostName objects parsed from the provided string.
+ */
+public static List parseHostList(String hostString) {
+
+List addressList = new ArrayList<>();
+
+if (hostString == null || hostString.isEmpty())
+return addressList;
+
+// First split the string by semicolons and process each entry
+for (String host : hostString.split(";")) {
+
+HostName hostName = new HostName(host);
+try {
+hostName.validate();
+addressList.add(hostName);
+}
+catch (HostNameException e) {
+LOGGER.error("Invalid host name or IP: {}", host);
Review Comment:
Not sure this should be `error` level - this could just be bad user-supplied
data, no? `warning` seems more appropriate.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164735856
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/TranslatableInvalidHostConnectionException.java:
##
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.language.TranslatableMessage;
+
+/**
+ * An exception that represents an invalid login or connection due to
+ * restrictions based on the host from which the action should be allowed.
+ */
+public class TranslatableInvalidHostConnectionException
+extends TranslatableGuacamoleSecurityException {
+
+/**
+ * The serial version ID of this class.
+ */
+private static final long serialVersionUID = 1L;
+
+/**
+ * Create a new host-based connection exception with the given message and
+ * translation string that can be processed by Guacamole's translation
+ * service.
+ *
+ * @param message
+ * The non-translatable, human-readable message containing details
+ * of the exception.
+ *
+ * @param translatableMessage
+ * The translation key for this exception that can be processed through
Review Comment:
This isn't necessarily just a key - consider rewording this param
description. The same goes for the other exceptions.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164735856
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/TranslatableInvalidHostConnectionException.java:
##
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.language.TranslatableMessage;
+
+/**
+ * An exception that represents an invalid login or connection due to
+ * restrictions based on the host from which the action should be allowed.
+ */
+public class TranslatableInvalidHostConnectionException
+extends TranslatableGuacamoleSecurityException {
+
+/**
+ * The serial version ID of this class.
+ */
+private static final long serialVersionUID = 1L;
+
+/**
+ * Create a new host-based connection exception with the given message and
+ * translation string that can be processed by Guacamole's translation
+ * service.
+ *
+ * @param message
+ * The non-translatable, human-readable message containing details
+ * of the exception.
+ *
+ * @param translatableMessage
+ * The translation key for this exception that can be processed through
Review Comment:
This isn't necessarily just a key - consider rewording this param
description. See also `TranslatableInvalidHostLoginException.java`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164739006
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java:
##
@@ -0,0 +1,337 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import inet.ipaddr.HostName;
+import inet.ipaddr.HostNameException;
+import inet.ipaddr.IPAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.connection.RestrictConnection;
+import org.apache.guacamole.auth.restrict.user.RestrictUser;
+import org.apache.guacamole.auth.restrict.usergroup.RestrictUserGroup;
+import org.apache.guacamole.calendar.DailyRestriction;
+import org.apache.guacamole.calendar.TimeRestrictionParser;
+import org.apache.guacamole.host.HostRestrictionParser;
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.UserGroup;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Service for verifying additional user login restrictions against a given
+ * login attempt.
+ */
+public class RestrictionVerificationService {
+
+/**
+ * Logger for this class.
+ */
+private static final Logger LOGGER =
LoggerFactory.getLogger(RestrictionVerificationService.class);
+
+/**
+ * Parse out the provided strings of allowed and denied times, verifying
+ * whether or not a login or connection should be allowed at the current
+ * day and time. A boolean true will be returned if the action should be
+ * allowed, otherwise false will be returned.
+ *
+ * @param allowedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be allowed at the current time, or
+ * null or an empty string if there are no specific allowed times
defined.
+ *
+ * @param deniedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be denied at the current time, or
null
+ * or an empty string if there are no specific times during which a
+ * action should be denied.
+ *
+ * @return
+ * True if the login or connection should be allowed, otherwise false.
+ */
+private static boolean allowedByTimeRestrictions(String allowedTimeString,
+String deniedTimeString) {
+
+// Check for denied entries, first, returning false if the login or
+// connection should not be allowed.
+if (deniedTimeString != null && !deniedTimeString.isEmpty()) {
+List deniedTimes =
+TimeRestrictionParser.parseString(deniedTimeString);
+
+for (DailyRestriction restriction : deniedTimes) {
+if (restriction.appliesNow())
+return false;
+}
+}
+
+// If no allowed entries are present, return true, allowing the login
+// or connection to continue.
+if (allowedTimeString == null || allowedTimeString.isEmpty())
+return true;
+
+List allowedTimes =
+TimeRestrictionParser.parseString(allowedTimeString);
+
+// Allowed entries are present, loop through them and check for a
valid time.
+for (DailyRestriction restriction : allowedTimes) {
+// If this time allows the login or connection return true.
+if (restriction.appliesNow())
+return true;
+}
+
+// We have allowed entries, but login hasn't matched, so deny it.
+return false;
+
+}
+
+/**
+ * Given the strings of allowed and denied hosts, verif
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164739006
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java:
##
@@ -0,0 +1,337 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import inet.ipaddr.HostName;
+import inet.ipaddr.HostNameException;
+import inet.ipaddr.IPAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.connection.RestrictConnection;
+import org.apache.guacamole.auth.restrict.user.RestrictUser;
+import org.apache.guacamole.auth.restrict.usergroup.RestrictUserGroup;
+import org.apache.guacamole.calendar.DailyRestriction;
+import org.apache.guacamole.calendar.TimeRestrictionParser;
+import org.apache.guacamole.host.HostRestrictionParser;
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.UserGroup;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Service for verifying additional user login restrictions against a given
+ * login attempt.
+ */
+public class RestrictionVerificationService {
+
+/**
+ * Logger for this class.
+ */
+private static final Logger LOGGER =
LoggerFactory.getLogger(RestrictionVerificationService.class);
+
+/**
+ * Parse out the provided strings of allowed and denied times, verifying
+ * whether or not a login or connection should be allowed at the current
+ * day and time. A boolean true will be returned if the action should be
+ * allowed, otherwise false will be returned.
+ *
+ * @param allowedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be allowed at the current time, or
+ * null or an empty string if there are no specific allowed times
defined.
+ *
+ * @param deniedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be denied at the current time, or
null
+ * or an empty string if there are no specific times during which a
+ * action should be denied.
+ *
+ * @return
+ * True if the login or connection should be allowed, otherwise false.
+ */
+private static boolean allowedByTimeRestrictions(String allowedTimeString,
+String deniedTimeString) {
+
+// Check for denied entries, first, returning false if the login or
+// connection should not be allowed.
+if (deniedTimeString != null && !deniedTimeString.isEmpty()) {
+List deniedTimes =
+TimeRestrictionParser.parseString(deniedTimeString);
+
+for (DailyRestriction restriction : deniedTimes) {
+if (restriction.appliesNow())
+return false;
+}
+}
+
+// If no allowed entries are present, return true, allowing the login
+// or connection to continue.
+if (allowedTimeString == null || allowedTimeString.isEmpty())
+return true;
+
+List allowedTimes =
+TimeRestrictionParser.parseString(allowedTimeString);
+
+// Allowed entries are present, loop through them and check for a
valid time.
+for (DailyRestriction restriction : allowedTimes) {
+// If this time allows the login or connection return true.
+if (restriction.appliesNow())
+return true;
+}
+
+// We have allowed entries, but login hasn't matched, so deny it.
+return false;
+
+}
+
+/**
+ * Given the strings of allowed and denied hosts, verif
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164737301
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java:
##
@@ -0,0 +1,337 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import inet.ipaddr.HostName;
+import inet.ipaddr.HostNameException;
+import inet.ipaddr.IPAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.connection.RestrictConnection;
+import org.apache.guacamole.auth.restrict.user.RestrictUser;
+import org.apache.guacamole.auth.restrict.usergroup.RestrictUserGroup;
+import org.apache.guacamole.calendar.DailyRestriction;
+import org.apache.guacamole.calendar.TimeRestrictionParser;
+import org.apache.guacamole.host.HostRestrictionParser;
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.UserGroup;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Service for verifying additional user login restrictions against a given
+ * login attempt.
+ */
+public class RestrictionVerificationService {
+
+/**
+ * Logger for this class.
+ */
+private static final Logger LOGGER =
LoggerFactory.getLogger(RestrictionVerificationService.class);
+
+/**
+ * Parse out the provided strings of allowed and denied times, verifying
+ * whether or not a login or connection should be allowed at the current
+ * day and time. A boolean true will be returned if the action should be
+ * allowed, otherwise false will be returned.
+ *
+ * @param allowedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be allowed at the current time, or
+ * null or an empty string if there are no specific allowed times
defined.
+ *
+ * @param deniedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be denied at the current time, or
null
+ * or an empty string if there are no specific times during which a
+ * action should be denied.
+ *
+ * @return
+ * True if the login or connection should be allowed, otherwise false.
+ */
+private static boolean allowedByTimeRestrictions(String allowedTimeString,
+String deniedTimeString) {
+
+// Check for denied entries, first, returning false if the login or
+// connection should not be allowed.
+if (deniedTimeString != null && !deniedTimeString.isEmpty()) {
+List deniedTimes =
+TimeRestrictionParser.parseString(deniedTimeString);
+
+for (DailyRestriction restriction : deniedTimes) {
+if (restriction.appliesNow())
+return false;
+}
+}
+
+// If no allowed entries are present, return true, allowing the login
+// or connection to continue.
+if (allowedTimeString == null || allowedTimeString.isEmpty())
+return true;
+
+List allowedTimes =
+TimeRestrictionParser.parseString(allowedTimeString);
+
+// Allowed entries are present, loop through them and check for a
valid time.
+for (DailyRestriction restriction : allowedTimes) {
+// If this time allows the login or connection return true.
+if (restriction.appliesNow())
+return true;
+}
+
+// We have allowed entries, but login hasn't matched, so deny it.
+return false;
+
+}
+
+/**
+ * Given the strings of allowed and denied hosts, verif
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164737301
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/RestrictionVerificationService.java:
##
@@ -0,0 +1,337 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import inet.ipaddr.HostName;
+import inet.ipaddr.HostNameException;
+import inet.ipaddr.IPAddress;
+import java.net.UnknownHostException;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.restrict.connection.RestrictConnection;
+import org.apache.guacamole.auth.restrict.user.RestrictUser;
+import org.apache.guacamole.auth.restrict.usergroup.RestrictUserGroup;
+import org.apache.guacamole.calendar.DailyRestriction;
+import org.apache.guacamole.calendar.TimeRestrictionParser;
+import org.apache.guacamole.host.HostRestrictionParser;
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.auth.UserGroup;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Service for verifying additional user login restrictions against a given
+ * login attempt.
+ */
+public class RestrictionVerificationService {
+
+/**
+ * Logger for this class.
+ */
+private static final Logger LOGGER =
LoggerFactory.getLogger(RestrictionVerificationService.class);
+
+/**
+ * Parse out the provided strings of allowed and denied times, verifying
+ * whether or not a login or connection should be allowed at the current
+ * day and time. A boolean true will be returned if the action should be
+ * allowed, otherwise false will be returned.
+ *
+ * @param allowedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be allowed at the current time, or
+ * null or an empty string if there are no specific allowed times
defined.
+ *
+ * @param deniedTimeString
+ * The string containing the times that should be parsed to determine
if
+ * the login or connection should be denied at the current time, or
null
+ * or an empty string if there are no specific times during which a
+ * action should be denied.
+ *
+ * @return
+ * True if the login or connection should be allowed, otherwise false.
+ */
+private static boolean allowedByTimeRestrictions(String allowedTimeString,
+String deniedTimeString) {
+
+// Check for denied entries, first, returning false if the login or
+// connection should not be allowed.
+if (deniedTimeString != null && !deniedTimeString.isEmpty()) {
+List deniedTimes =
+TimeRestrictionParser.parseString(deniedTimeString);
+
+for (DailyRestriction restriction : deniedTimes) {
+if (restriction.appliesNow())
+return false;
+}
+}
+
+// If no allowed entries are present, return true, allowing the login
+// or connection to continue.
+if (allowedTimeString == null || allowedTimeString.isEmpty())
+return true;
+
+List allowedTimes =
+TimeRestrictionParser.parseString(allowedTimeString);
+
+// Allowed entries are present, loop through them and check for a
valid time.
+for (DailyRestriction restriction : allowedTimes) {
+// If this time allows the login or connection return true.
+if (restriction.appliesNow())
+return true;
+}
+
+// We have allowed entries, but login hasn't matched, so deny it.
+return false;
+
+}
+
+/**
+ * Given the strings of allowed and denied hosts, verif
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164735856
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/auth/restrict/TranslatableInvalidHostConnectionException.java:
##
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.restrict;
+
+import org.apache.guacamole.language.TranslatableGuacamoleSecurityException;
+import org.apache.guacamole.language.TranslatableMessage;
+
+/**
+ * An exception that represents an invalid login or connection due to
+ * restrictions based on the host from which the action should be allowed.
+ */
+public class TranslatableInvalidHostConnectionException
+extends TranslatableGuacamoleSecurityException {
+
+/**
+ * The serial version ID of this class.
+ */
+private static final long serialVersionUID = 1L;
+
+/**
+ * Create a new host-based connection exception with the given message and
+ * translation string that can be processed by Guacamole's translation
+ * service.
+ *
+ * @param message
+ * The non-translatable, human-readable message containing details
+ * of the exception.
+ *
+ * @param translatableMessage
+ * The translation key for this exception that can be processed through
Review Comment:
This isn't necessarily just a key - consider rewording this param
description.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164672802
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/timeRestrictionFieldController.js:
##
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for time restriction fields, which are used to select weekday and
+ * time restrictions that apply to user logins and connections.
+ */
+angular.module('guacRestrict').controller('timeRestrictionFieldController',
['$scope', '$injector',
+function timeRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+// Required types
+// const TimeRestrictionEntry = $injector.get('TimeRestrictionEntry');
Review Comment:
Well it looks like your type is called `timeRestrictionEntry` in [the
factory](https://github.com/apache/guacamole-client/pull/830/files#diff-e1c9d1ad21ea5614d05826fa67243d11c4808c1c28d7b3ca166b583c2b4bac19R23)
(note the case difference).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830: URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164476805 ## extensions/guacamole-auth-restrict/src/main/resources/restrictModule.js: ## @@ -0,0 +1,28 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Module which provides handling for TOTP multi-factor authentication. Review Comment: Looks like some copypasta in this file - here and on line `27`. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164475486
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/timeRestrictionFieldController.js:
##
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for time restriction fields, which are used to select weekday and
+ * time restrictions that apply to user logins and connections.
+ */
+angular.module('guacRestrict').controller('timeRestrictionFieldController',
['$scope', '$injector',
+function timeRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+// Required types
+// const TimeRestrictionEntry = $injector.get('TimeRestrictionEntry');
+
+/**
+ * The restrictions, as objects, that are used by the HTML template to
+ * present the restrictions to the user via the web interface.
+ */
+$scope.restrictions = [];
+
+/**
+ * Map of weekday identifier to display name.
+ */
+$scope.weekDays = [
+{ id : 1, day : 'Monday' },
+{ id : 2, day : 'Tuesday' },
+{ id : 3, day : 'Wednesday' },
+{ id : 4, day : 'Thursday' },
+{ id : 5, day : 'Friday' },
+{ id : 6, day : 'Saturday' },
+{ id : 7, day : 'Sunday' }
+];
+
+/**
+ * Remove the current entry from the list.
+ *
+ * @param {type} entry
+ * A restriction entry.
+ */
+$scope.removeEntry = function removeEntry(entry) {
+if (entry === null || entry.$$hashKey === '') {
+return;
+}
+for (let i = 0; i < $scope.restrictions.length; i++) {
+if ($scope.restrictions[i].$$hashKey === entry.$$hashKey) {
+$scope.restrictions.splice(i,1);
+return;
+}
+}
+};
+
+/**
+ * Add an empty entry to the restriction list.
+ */
+$scope.addEntry = function addEntry() {
+$scope.restrictions.push({});
+};
+
+
+/**
+ * Parse the provided string into an array containing the objects that
+ * represent each of entries that can then be displayed as a more
+ * user-friendly field.
+ *
+ * @param {String} restrString
+ * The string that contains the restrictions, un-parsed and as stored
+ * in the underlying field.
+ *
+ * @returns {Array|Object}
+ * An array of objects that represents each of the entries as parsed
+ * out of the string field, and which can be interpreted by the
+ * AngularJS field for display.
+ */
+var parseRestrictions = function parseRestrictions(restrString) {
+
+var restrictions = [];
+
+// If the string is null or empty, just return an empty array
+if (restrString === null || restrString === "")
+return restrictions;
+
+// Set up the RegEx and split the string using the separator.
+const restrictionRegex = new
RegExp('^((?:[1-7]\-)?(?:[1-7]))?(?::((?:[01][0-9]|2[0-3])[0-5][0-9])\-((?:[01][0-9]|2[0-3])[0-5][0-9]))$');
+var restrArray = restrString.split(";");
+
+// Loop through split string and process each item
+for (let i = 0; i < restrArray.length; i++) {
+if (restrictionRegex.test(restrArray[i])) {
+var currArray = restrArray[i].match(restrictionRegex);
+var restrDays = currArray[1].split("-");
+
+if (restrDays.length > 1) {
+for (let j = restrDays[0]; j <= restrDa
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164473915
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/timeRestrictionFieldController.js:
##
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for time restriction fields, which are used to select weekday and
+ * time restrictions that apply to user logins and connections.
+ */
+angular.module('guacRestrict').controller('timeRestrictionFieldController',
['$scope', '$injector',
+function timeRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+// Required types
+// const TimeRestrictionEntry = $injector.get('TimeRestrictionEntry');
Review Comment:
?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164453306
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/calendar/TimeRestrictionParser.java:
##
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.calendar;
+
+import java.time.DayOfWeek;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A class for parsing time-based restrictions stored in a String into other
+ * formats that can be used by Guacamole.
+ */
+public class TimeRestrictionParser {
+
+/**
+ * The compiled regular expression that matches one or more instances of
+ * a restriction string, which specifies at least one day and time range
+ * that the restriction applies to.
+ */
+private static final Pattern RESTRICTION_REGEX =
+
Pattern.compile("(([1-7](?:\\-(?:[1-7]))?)(?::((?:[01]?[0-9]|2[0-3])[0-5][0-9])\\-((?:[01]?[0-9]|2[0-3])[0-5][0-9]))*)+(?:;|$)?");
+
+/**
+ * The RegEx group that contains the start day-of-week of the restriction.
+ */
+private static final int RESTRICTION_DAY_GROUP = 2;
+
+/**
+ * The RegEx group that contains the start time of the restriction.
+ */
+private static final int RESTRICTION_TIME_START_GROUP = 3;
+
+/**
+ * The RegEx group that contains the end time of the restriction.
+ */
+private static final int RESTRICTION_TIME_END_GROUP = 4;
+
+/**
+ * Parse the provided string containing one or more restrictions into
+ * a list of objects.
+ *
+ * @param restrictionString
+ * The string that should contain one or more semicolon-separated
+ * restriction periods.
+ *
+ * @return
+ * A list of objects parsed from the string.
+ */
+public static List parseString(String restrictionString)
{
+
+List restrictions = new ArrayList<>();
+Matcher restrictionMatcher =
RESTRICTION_REGEX.matcher(restrictionString);
+
+// Loop through RegEx matches
+while (restrictionMatcher.find()) {
+
+// Pull the day string, start time, and end time
+String dayString = restrictionMatcher.group(RESTRICTION_DAY_GROUP);
+String startTimeString =
restrictionMatcher.group(RESTRICTION_TIME_START_GROUP);
+String endTimeString =
restrictionMatcher.group(RESTRICTION_TIME_END_GROUP);
+int dayStart, dayEnd;
+
+// We must always have a start day.
+if (dayString == null || dayString.isEmpty())
+continue;
+
+// Check to see if the day string contains a range or not.
+if (dayString.contains("-")) {
+String dayStrings[] = dayString.split("-");
+dayStart = Integer.parseInt(dayStrings[0]);
+dayEnd = Integer.parseInt(dayStrings[1]);
+}
+else {
+dayStart = Integer.parseInt(dayString);
+dayEnd = Integer.parseInt(dayString);
+}
+
+// Convert the start and end time strings to LocalTime values.
+DateTimeFormatter hourFormat = DateTimeFormatter.ofPattern("HHmm");
+LocalTime startTime = LocalTime.parse(startTimeString, hourFormat);
+LocalTime endTime = LocalTime.parse(endTimeString, hourFormat);
+
+// Loop through days and add entries for each day
+for (int i = dayStart; i <= dayEnd; i++) {
+DayOfWeek weekDay = DayOfWeek.of(i);
+
+// We must always have both start time and end time.
+if (startTimeString == null || startTimeString.isEmpty()
+|| endTimeString == null || endTimeString.isEmpty())
+restrictions.add(new DailyRestriction(weekDay));
+
+else
+restrictions.add(new DailyRestrictio
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164450649
##
extensions/guacamole-auth-restrict/src/main/java/org/apache/guacamole/calendar/TimeRestrictionParser.java:
##
@@ -0,0 +1,135 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.calendar;
+
+import java.time.DayOfWeek;
+import java.time.LocalTime;
+import java.time.format.DateTimeFormatter;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+/**
+ * A class for parsing time-based restrictions stored in a String into other
+ * formats that can be used by Guacamole.
+ */
+public class TimeRestrictionParser {
+
+/**
+ * The compiled regular expression that matches one or more instances of
+ * a restriction string, which specifies at least one day and time range
+ * that the restriction applies to.
Review Comment:
An example of what a valid string looks like would be really handy here,
since this is hard to read at a glance.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164446805
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/hostRestrictionFieldController.js:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for host restriction fields, which are used to configure a
+ * hostname, IP address, or CIDR range, that this restriction applies to.
+ */
+angular.module('guacRestrict').controller('hostRestrictionFieldController',
['$scope', '$injector',
+function hostRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+/**
+ * The restrictions, as objects, that are used by the HTML template to
+ * present the restrictions to the user via the web interface.
+ */
+$scope.restrictions = [];
+
+/**
+ * Remove the current entry from the list.
+ *
+ * @param {type} entry
Review Comment:
`{type}`?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164446276
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/hostRestrictionFieldController.js:
##
@@ -0,0 +1,165 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for host restriction fields, which are used to configure a
+ * hostname, IP address, or CIDR range, that this restriction applies to.
+ */
+angular.module('guacRestrict').controller('hostRestrictionFieldController',
['$scope', '$injector',
+function hostRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+/**
+ * The restrictions, as objects, that are used by the HTML template to
+ * present the restrictions to the user via the web interface.
+ */
+$scope.restrictions = [];
+
+/**
+ * Remove the current entry from the list.
+ *
+ * @param {type} entry
+ * A restriction entry.
+ */
+$scope.removeEntry = function removeEntry(entry) {
+if (entry === null || entry.$$hashKey === '') {
+return;
+}
+for (let i = 0; i < $scope.restrictions.length; i++) {
+if ($scope.restrictions[i].$$hashKey === entry.$$hashKey) {
+$scope.restrictions.splice(i,1);
+return;
+}
+}
+};
+
+/**
+ * Add an empty entry to the restriction list.
+ */
+$scope.addEntry = function addEntry() {
+$scope.restrictions.push({});
+};
+
+/**
+ * Parse the provided string into an array containing the objects that
+ * represent each of entries that can then be displayed as a more
+ * user-friendly field.
+ *
+ * @param {String} restrString
+ * The string that contains the restrictions, un-parsed and as stored
+ * in the underlying field.
+ *
+ * @returns {Array|Object}
+ * An array of objects that represents each of the entries as parsed
+ * out of the string field, and which can be interpreted by the
+ * AngularJS field for display.
+ */
+var parseRestrictions = function parseRestrictions(restrString) {
+
+var restrictions = [];
+
+// If the string is null or empty, just return an empty array
+if (restrString === null || restrString === "")
+return restrictions;
+
+// Set up the RegEx and split the string using the separator.
+var restrArray = restrString.split(";");
+
+// Loop through split string and process each item
+for (let i = 0; i < restrArray.length; i++) {
+var entry = {};
+entry.host = restrArray[i];
+restrictions.push(entry);
+}
+
+return restrictions;
+
+};
+
+/**
+ * Parse the restrictions in the field into a string that can be stored
+ * in an underlying module.
+ *
+ * @param {Object[]} restrictions
+ * The array of restrictions that will be converted to a string.
+ *
+ * @returns {String}
+ * The string containing the restriction data that can be stored in
e.g.
+ * a database.
+ */
+var storeRestrictions = function storeRestrictions(restrictions) {
Review Comment:
I don't think we have any official style guidance on this, but I generally
find it more clear to use `const` for things like this that are not expected to
be changed.
--
This is an automated message from the Apache Git Service.
To respond to the mess
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164443745
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/timeRestrictionFieldController.js:
##
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for time restriction fields, which are used to select weekday and
+ * time restrictions that apply to user logins and connections.
+ */
+angular.module('guacRestrict').controller('timeRestrictionFieldController',
['$scope', '$injector',
+function timeRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+// Required types
+// const TimeRestrictionEntry = $injector.get('TimeRestrictionEntry');
+
+/**
+ * The restrictions, as objects, that are used by the HTML template to
+ * present the restrictions to the user via the web interface.
+ */
+$scope.restrictions = [];
+
+/**
+ * Map of weekday identifier to display name.
+ */
+$scope.weekDays = [
+{ id : 1, day : 'Monday' },
+{ id : 2, day : 'Tuesday' },
+{ id : 3, day : 'Wednesday' },
+{ id : 4, day : 'Thursday' },
+{ id : 5, day : 'Friday' },
+{ id : 6, day : 'Saturday' },
+{ id : 7, day : 'Sunday' }
+];
+
+/**
+ * Remove the current entry from the list.
+ *
+ * @param {type} entry
+ * A restriction entry.
+ */
+$scope.removeEntry = function removeEntry(entry) {
+if (entry === null || entry.$$hashKey === '') {
+return;
+}
+for (let i = 0; i < $scope.restrictions.length; i++) {
+if ($scope.restrictions[i].$$hashKey === entry.$$hashKey) {
+$scope.restrictions.splice(i,1);
+return;
+}
+}
+};
+
+/**
+ * Add an empty entry to the restriction list.
+ */
+$scope.addEntry = function addEntry() {
+$scope.restrictions.push({});
+};
+
+
+/**
+ * Parse the provided string into an array containing the objects that
+ * represent each of entries that can then be displayed as a more
+ * user-friendly field.
+ *
+ * @param {String} restrString
+ * The string that contains the restrictions, un-parsed and as stored
+ * in the underlying field.
+ *
+ * @returns {Array|Object}
+ * An array of objects that represents each of the entries as parsed
+ * out of the string field, and which can be interpreted by the
+ * AngularJS field for display.
+ */
+var parseRestrictions = function parseRestrictions(restrString) {
+
+var restrictions = [];
+
+// If the string is null or empty, just return an empty array
+if (restrString === null || restrString === "")
+return restrictions;
+
+// Set up the RegEx and split the string using the separator.
+const restrictionRegex = new
RegExp('^((?:[1-7]\-)?(?:[1-7]))?(?::((?:[01][0-9]|2[0-3])[0-5][0-9])\-((?:[01][0-9]|2[0-3])[0-5][0-9]))$');
+var restrArray = restrString.split(";");
+
+// Loop through split string and process each item
+for (let i = 0; i < restrArray.length; i++) {
+if (restrictionRegex.test(restrArray[i])) {
+var currArray = restrArray[i].match(restrictionRegex);
+var restrDays = currArray[1].split("-");
+
+if (restrDays.length > 1) {
+for (let j = restrDays[0]; j <= restrDa
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164442499
##
extensions/guacamole-auth-restrict/src/main/resources/controllers/timeRestrictionFieldController.js:
##
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+/**
+ * Controller for time restriction fields, which are used to select weekday and
+ * time restrictions that apply to user logins and connections.
+ */
+angular.module('guacRestrict').controller('timeRestrictionFieldController',
['$scope', '$injector',
+function timeRestrictionFieldController($scope, $injector) {
+
+/**
+ * Options which dictate the behavior of the input field model, as defined
+ * by https://docs.angularjs.org/api/ng/directive/ngModelOptions
+ *
+ * @type Object.
+ */
+$scope.modelOptions = {
+
+/**
+ * Space-delimited list of events on which the model will be updated.
+ *
+ * @type String
+ */
+updateOn : 'blur',
+
+/**
+ * The time zone to use when reading/writing the Date object of the
+ * model.
+ *
+ * @type String
+ */
+timezone : 'UTC'
+
+};
+
+// Required types
+// const TimeRestrictionEntry = $injector.get('TimeRestrictionEntry');
+
+/**
+ * The restrictions, as objects, that are used by the HTML template to
+ * present the restrictions to the user via the web interface.
+ */
+$scope.restrictions = [];
+
+/**
+ * Map of weekday identifier to display name.
+ */
+$scope.weekDays = [
+{ id : 1, day : 'Monday' },
+{ id : 2, day : 'Tuesday' },
+{ id : 3, day : 'Wednesday' },
+{ id : 4, day : 'Thursday' },
+{ id : 5, day : 'Friday' },
+{ id : 6, day : 'Saturday' },
+{ id : 7, day : 'Sunday' }
+];
+
+/**
+ * Remove the current entry from the list.
+ *
+ * @param {type} entry
+ * A restriction entry.
+ */
+$scope.removeEntry = function removeEntry(entry) {
+if (entry === null || entry.$$hashKey === '') {
+return;
+}
+for (let i = 0; i < $scope.restrictions.length; i++) {
+if ($scope.restrictions[i].$$hashKey === entry.$$hashKey) {
+$scope.restrictions.splice(i,1);
+return;
+}
+}
+};
+
+/**
+ * Add an empty entry to the restriction list.
+ */
+$scope.addEntry = function addEntry() {
+$scope.restrictions.push({});
+};
+
+
+/**
+ * Parse the provided string into an array containing the objects that
+ * represent each of entries that can then be displayed as a more
+ * user-friendly field.
+ *
+ * @param {String} restrString
+ * The string that contains the restrictions, un-parsed and as stored
+ * in the underlying field.
+ *
+ * @returns {Array|Object}
Review Comment:
This doesn't look correct - this is saying that the return type could be an
array _or_ an object. An array of objects would be `Object[]`.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
[GitHub] [guacamole-client] jmuehlner commented on a diff in pull request #830: GUACAMOLE-1020: Implement extension to enable additional restrictions
jmuehlner commented on code in PR #830:
URL: https://github.com/apache/guacamole-client/pull/830#discussion_r1164422585
##
extensions/guacamole-auth-restrict/src/main/resources/types/timeRestrictionEntry.js:
##
@@ -0,0 +1,69 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+/**
+ * Provides the TimeRestrictionEntry class definition.
+ */
+angular.module('guacRestrict').factory('timeRestrictionEntry', ['$injector',
+function defineTimeRestrictionEntry($injector) {
+
+/**
+ * Creates a new TimeRestrictionEntry, initializing the properties of that
+ * TimeRestrictionEntry with the corresponding properties of the given
+ * template.
+ *
+ * @constructor
+ * @param {TimeRestrictionEntry|Object} [template={}]
+ * The object whose properties should be copied within the new
+ * TimeRestrictionEntry.
+ */
+var TimeRestrictionEntry = function TimeRestrictionEntry(template) {
+
+// Use empty object by default
+template = template || {};
+
+/**
+ * The numerical representation of the day of the week this restriction
+ * applies to.
+ *
+ * @type Number
+ */
+this.weekDay = template.weekDay;
+
+/**
+ * The hour aand minute that this restriction starts, in 24-hour time,
Review Comment:
Typo: `aand`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
