/**
* Create any new system permissions for a given user. All permissions in the given list will be
* inserted.
*
* @param user_id The ID of the user whose permissions should be updated.
* @param permissions The new system permissions that the given user should have when this
* operation completes.
* @throws GuacamoleException If permission to administer system permissions is denied.
*/
private void createSystemPermissions(int user_id, Collection<SystemPermission> permissions)
throws GuacamoleException {
// If no permissions given, stop now
if (permissions.isEmpty()) return;
// Only a system administrator can add system permissions.
permissionCheckService.verifySystemAccess(
this.user_id, SystemPermission.Type.ADMINISTER.name());
// Insert all requested permissions
for (SystemPermission permission : permissions) {
// Insert permission
SystemPermissionKey newSystemPermission = new SystemPermissionKey();
newSystemPermission.setUser_id(user_id);
newSystemPermission.setPermission(MySQLConstants.getSystemConstant(permission.getType()));
systemPermissionDAO.insert(newSystemPermission);
}
}
/**
* Delete system permissions for a given user. All permissions in the given list will be removed
* from the user.
*
* @param user_id The ID of the user whose permissions should be updated.
* @param permissions The permissions the given user should no longer have when this operation
* completes.
* @throws GuacamoleException If the permissions specified could not be removed due to system
* restrictions.
*/
private void deleteSystemPermissions(int user_id, Collection<SystemPermission> permissions)
throws GuacamoleException {
// If no permissions given, stop now
if (permissions.isEmpty()) return;
// Prevent self-de-adminifying
if (user_id == this.user_id)
throw new GuacamoleClientException(
"Removing your own administrative permissions is not allowed.");
// Build list of requested system permissions
List<String> systemPermissionTypes = new ArrayList<String>();
for (SystemPermission permission : permissions)
systemPermissionTypes.add(MySQLConstants.getSystemConstant(permission.getType()));
// Delete the requested system permissions for this user
SystemPermissionExample systemPermissionExample = new SystemPermissionExample();
systemPermissionExample
.createCriteria()
.andUser_idEqualTo(user_id)
.andPermissionIn(systemPermissionTypes);
systemPermissionDAO.deleteByExample(systemPermissionExample);
}