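/**
 * Deletes connection permissions held by a given user.
 *
 * <p>Two users are involved. The {@code user_id} parameter identifies the user whose
 * permissions are removed. The field {@code this.user_id} identifies the user whose
 * administer permission is checked before anything is removed. The parameter shadows
 * the field, so every use of the field below is written as {@code this.user_id}.
 *
 * <p>Every requested permission is authorized before the first row is deleted, so a
 * request containing even one connection that {@code this.user_id} may not administer
 * is rejected without modifying any permissions.
 *
 * @param user_id The ID of the user to change the permissions of.
 * @param permissions The permissions the given user should no longer have when this
 *     operation completes.
 * @throws GuacamoleException If permission to alter the access permissions of affected
 *     objects is denied (raised here as a {@code GuacamoleSecurityException}).
 */
private void deleteConnectionPermissions(
        int user_id, Collection<ConnectionPermission> permissions) throws GuacamoleException {

    // If no permissions given, stop now
    if (permissions.isEmpty())
        return;

    // Connections that the user in this.user_id (not the user_id parameter)
    // holds CONNECTION_ADMINISTER on
    List<Integer> administerableConnectionIDs =
            permissionCheckService.retrieveConnectionIDs(
                    this.user_id, MySQLConstants.CONNECTION_ADMINISTER);

    // Map from the identifier carried by each permission to the connection ID
    Map<String, Integer> administerableConnections =
            connectionService.translateNames(administerableConnectionIDs);

    // Authorization pass: reject the whole request before touching any row.
    // An identifier missing from the map is treated as "not permitted"; this
    // also covers identifiers that do not resolve to any connection.
    // NOTE(review): whether the caller runs this inside a transaction is not
    // visible here; checking up front avoids partial deletes either way.
    for (ConnectionPermission permission : permissions) {
        if (administerableConnections.get(permission.getObjectIdentifier()) == null)
            throw new GuacamoleSecurityException(
                    "User #" + this.user_id
                            + " does not have permission to administrate connection "
                            + permission.getObjectIdentifier());
    }

    // Mutation pass: every identifier has been authorized above
    for (ConnectionPermission permission : permissions) {

        Integer connection_id =
                administerableConnections.get(permission.getObjectIdentifier());

        // Match exactly one (target user, permission type, connection) row
        ConnectionPermissionExample connectionPermissionExample =
                new ConnectionPermissionExample();
        connectionPermissionExample
                .createCriteria()
                .andUser_idEqualTo(user_id)
                .andPermissionEqualTo(
                        MySQLConstants.getConnectionConstant(permission.getType()))
                .andConnection_idEqualTo(connection_id);

        connectionPermissionDAO.deleteByExample(connectionPermissionExample);
    }
}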
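/**
 * Creates new connection permissions for a given user.
 *
 * <p>Two users are involved. The {@code user_id} parameter identifies the user who
 * receives the permissions. The field {@code this.user_id} identifies the user whose
 * administer permission is checked before anything is granted. The parameter shadows
 * the field, so every use of the field below is written as {@code this.user_id}.
 *
 * <p>Every requested permission is authorized before the first row is inserted, so a
 * request containing even one connection that {@code this.user_id} may not administer
 * is rejected without granting anything.
 *
 * @param user_id The ID of the user to assign permissions to.
 * @param permissions The new permissions the user should have after this operation
 *     completes.
 * @throws GuacamoleException If permission to alter the access permissions of affected
 *     objects is denied (raised here as a {@code GuacamoleSecurityException}).
 */
private void createConnectionPermissions(
        int user_id, Collection<ConnectionPermission> permissions) throws GuacamoleException {

    // If no permissions given, stop now
    if (permissions.isEmpty())
        return;

    // Connections that the user in this.user_id (not the user_id parameter)
    // holds CONNECTION_ADMINISTER on
    List<Integer> administerableConnectionIDs =
            permissionCheckService.retrieveConnectionIDs(
                    this.user_id, MySQLConstants.CONNECTION_ADMINISTER);

    // Map from the identifier carried by each permission to the connection ID
    Map<String, Integer> administerableConnections =
            connectionService.translateNames(administerableConnectionIDs);

    // Authorization pass: reject the whole request before inserting any row.
    // An identifier missing from the map is treated as "not permitted"; this
    // also covers identifiers that do not resolve to any connection.
    // NOTE(review): whether the caller runs this inside a transaction is not
    // visible here; checking up front avoids partial grants either way.
    for (ConnectionPermission permission : permissions) {
        if (administerableConnections.get(permission.getObjectIdentifier()) == null)
            throw new GuacamoleSecurityException(
                    "User #" + this.user_id
                            + " does not have permission to administrate connection "
                            + permission.getObjectIdentifier());
    }

    // Mutation pass: every identifier has been authorized above
    for (ConnectionPermission permission : permissions) {

        Integer connection_id =
                administerableConnections.get(permission.getObjectIdentifier());

        // Create new permission row for the target user
        ConnectionPermissionKey newPermission = new ConnectionPermissionKey();
        newPermission.setUser_id(user_id);
        newPermission.setPermission(
                MySQLConstants.getConnectionConstant(permission.getType()));
        newPermission.setConnection_id(connection_id);

        connectionPermissionDAO.insert(newPermission);
    }
}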