/**
   * Create the given user permissions for the given user.
   *
   * @param user_id The ID of the user to change the permissions of.
   * @param permissions The new permissions the given user should have when this operation
   *     completes.
   * @throws GuacamoleException If permission to alter the access permissions of affected objects is
   *     denied.
   */
  private void createUserPermissions(int user_id, Collection<UserPermission> permissions)
      throws GuacamoleException {

    // If no permissions given, stop now
    if (permissions.isEmpty()) return;

    // Get list of administerable user IDs
    List<Integer> administerableUserIDs =
        permissionCheckService.retrieveUserIDs(this.user_id, MySQLConstants.USER_ADMINISTER);

    // Get set of usernames corresponding to administerable users
    Map<String, Integer> administerableUsers =
        userService.translateUsernames(administerableUserIDs);

    // Insert all given permissions
    for (UserPermission permission : permissions) {

      // Get original ID
      Integer affected_id = administerableUsers.get(permission.getObjectIdentifier());

      // Verify that the user actually has permission to administrate
      // every one of these users
      if (affected_id == null)
        throw new GuacamoleSecurityException(
            "User #"
                + this.user_id
                + " does not have permission to administrate user "
                + permission.getObjectIdentifier());

      // Create new permission
      UserPermissionKey newPermission = new UserPermissionKey();
      newPermission.setUser_id(user_id);
      newPermission.setPermission(MySQLConstants.getUserConstant(permission.getType()));
      newPermission.setAffected_user_id(affected_id);
      userPermissionDAO.insert(newPermission);
    }
  }
  @Override
  @Transactional
  public void add(net.sourceforge.guacamole.net.auth.User object) throws GuacamoleException {

    String username = object.getUsername().trim();
    if (username.isEmpty()) throw new GuacamoleClientException("The username cannot be blank.");

    // Verify current user has permission to create users
    permissionCheckService.verifySystemAccess(this.user_id, MySQLConstants.SYSTEM_USER_CREATE);
    Preconditions.checkNotNull(object);

    // Verify that no user already exists with this username.
    MySQLUser previousUser = userService.retrieveUser(username);
    if (previousUser != null)
      throw new GuacamoleClientException("That username is already in use.");

    // Create new user
    MySQLUser user = userService.createUser(username, object.getPassword());

    // Create permissions of new user in database
    createPermissions(user.getUserID(), object.getPermissions());

    // Give the current user full access to the newly created user.
    UserPermissionKey newUserPermission = new UserPermissionKey();
    newUserPermission.setUser_id(this.user_id);
    newUserPermission.setAffected_user_id(user.getUserID());

    // READ permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_READ);
    userPermissionDAO.insert(newUserPermission);

    // UPDATE permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_UPDATE);
    userPermissionDAO.insert(newUserPermission);

    // DELETE permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_DELETE);
    userPermissionDAO.insert(newUserPermission);

    // ADMINISTER permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_ADMINISTER);
    userPermissionDAO.insert(newUserPermission);
  }