Esempio n. 1
0
  @Transactional
  @Override
  public net.sourceforge.guacamole.net.auth.User get(String identifier) throws GuacamoleException {

    // Get user
    MySQLUser user = userService.retrieveUser(identifier);

    // Verify access is granted
    permissionCheckService.verifyUserAccess(
        this.user_id, user.getUserID(), MySQLConstants.USER_READ);

    // Return user
    return userService.retrieveUser(identifier);
  }
Esempio n. 2
0
  @Override
  @Transactional
  public void update(net.sourceforge.guacamole.net.auth.User object) throws GuacamoleException {

    // If user not actually from this auth provider, we can't handle updated
    // permissions.
    if (!(object instanceof MySQLUser)) throw new GuacamoleException("User not from database.");

    MySQLUser mySQLUser = (MySQLUser) object;

    // Validate permission to update this user is granted
    permissionCheckService.verifyUserAccess(
        this.user_id, mySQLUser.getUserID(), MySQLConstants.USER_UPDATE);

    // Update the user in the database
    userService.updateUser(mySQLUser);

    // Update permissions in database
    createPermissions(mySQLUser.getUserID(), mySQLUser.getNewPermissions());
    removePermissions(mySQLUser.getUserID(), mySQLUser.getRemovedPermissions());

    // The appropriate permissions have been inserted and deleted, so
    // reset the new and removed permission sets.
    mySQLUser.resetPermissions();
  }
Esempio n. 3
0
  @Override
  @Transactional
  public void remove(String identifier) throws GuacamoleException {

    // Get user pending deletion
    MySQLUser user = userService.retrieveUser(identifier);

    // Prevent self-deletion
    if (user.getUserID() == this.user_id)
      throw new GuacamoleClientException("Deleting your own user is not allowed.");

    // Validate current user has permission to remove the specified user
    permissionCheckService.verifyUserAccess(
        this.user_id, user.getUserID(), MySQLConstants.USER_DELETE);

    // Delete specified user
    userService.deleteUser(user.getUserID());
  }
Esempio n. 4
0
  @Override
  @Transactional
  public void add(net.sourceforge.guacamole.net.auth.User object) throws GuacamoleException {

    String username = object.getUsername().trim();
    if (username.isEmpty()) throw new GuacamoleClientException("The username cannot be blank.");

    // Verify current user has permission to create users
    permissionCheckService.verifySystemAccess(this.user_id, MySQLConstants.SYSTEM_USER_CREATE);
    Preconditions.checkNotNull(object);

    // Verify that no user already exists with this username.
    MySQLUser previousUser = userService.retrieveUser(username);
    if (previousUser != null)
      throw new GuacamoleClientException("That username is already in use.");

    // Create new user
    MySQLUser user = userService.createUser(username, object.getPassword());

    // Create permissions of new user in database
    createPermissions(user.getUserID(), object.getPermissions());

    // Give the current user full access to the newly created user.
    UserPermissionKey newUserPermission = new UserPermissionKey();
    newUserPermission.setUser_id(this.user_id);
    newUserPermission.setAffected_user_id(user.getUserID());

    // READ permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_READ);
    userPermissionDAO.insert(newUserPermission);

    // UPDATE permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_UPDATE);
    userPermissionDAO.insert(newUserPermission);

    // DELETE permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_DELETE);
    userPermissionDAO.insert(newUserPermission);

    // ADMINISTER permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_ADMINISTER);
    userPermissionDAO.insert(newUserPermission);
  }
Esempio n. 5
0
  /**
   * Delete permissions having to do with users for a given user.
   *
   * @param user_id The ID of the user to change the permissions of.
   * @param permissions The permissions the given user should no longer have when this operation
   *     completes.
   * @throws GuacamoleException If permission to alter the access permissions of affected objects is
   *     denied.
   */
  private void deleteUserPermissions(int user_id, Collection<UserPermission> permissions)
      throws GuacamoleException {

    // If no permissions given, stop now
    if (permissions.isEmpty()) return;

    // Get list of administerable user IDs
    List<Integer> administerableUserIDs =
        permissionCheckService.retrieveUserIDs(this.user_id, MySQLConstants.USER_ADMINISTER);

    // Get set of usernames corresponding to administerable users
    Map<String, Integer> administerableUsers =
        userService.translateUsernames(administerableUserIDs);

    // Delete requested permissions
    for (UserPermission permission : permissions) {

      // Get original ID
      Integer affected_id = administerableUsers.get(permission.getObjectIdentifier());

      // Verify that the user actually has permission to administrate
      // every one of these users
      if (affected_id == null)
        throw new GuacamoleSecurityException(
            "User #"
                + this.user_id
                + " does not have permission to administrate user "
                + permission.getObjectIdentifier());

      // Delete requested permission
      UserPermissionExample userPermissionExample = new UserPermissionExample();
      userPermissionExample
          .createCriteria()
          .andUser_idEqualTo(user_id)
          .andPermissionEqualTo(MySQLConstants.getUserConstant(permission.getType()))
          .andAffected_user_idEqualTo(affected_id);
      userPermissionDAO.deleteByExample(userPermissionExample);
    }
  }