/**
 * Creates the given user-level permissions for the given user.
 *
 * Every permission is checked against the set of users the current user
 * (this.user_id) is allowed to administer before anything is inserted; the
 * first permission naming a user outside that set aborts the whole operation.
 *
 * @param user_id The ID of the user whose permissions are being created.
 * @param permissions The permissions the given user should have once this
 *                    operation completes. An empty collection is a no-op.
 * @throws GuacamoleException If the current user lacks USER_ADMINISTER
 *                            permission on any user affected by the given
 *                            permissions (thrown as GuacamoleSecurityException).
 */
private void createUserPermissions(int user_id, Collection<UserPermission> permissions)
        throws GuacamoleException {

    // Nothing to insert
    if (permissions.isEmpty())
        return;

    // Resolve the users the current user may administer, keyed by username,
    // so each requested permission can be authorized with a single lookup
    Map<String, Integer> administerableUsers = userService.translateUsernames(
            permissionCheckService.retrieveUserIDs(this.user_id,
                    MySQLConstants.USER_ADMINISTER));

    for (UserPermission permission : permissions) {

        String affectedUsername = permission.getObjectIdentifier();
        Integer affectedUserID = administerableUsers.get(affectedUsername);

        // An unknown username and a non-administerable user are treated the
        // same way: the current user is not allowed to grant access to it
        if (affectedUserID == null)
            throw new GuacamoleSecurityException(
                    "User #" + this.user_id
                    + " does not have permission to administrate user "
                    + affectedUsername);

        // Authorized: persist the permission row
        UserPermissionKey key = new UserPermissionKey();
        key.setUser_id(user_id);
        key.setAffected_user_id(affectedUserID);
        key.setPermission(MySQLConstants.getUserConstant(permission.getType()));
        userPermissionDAO.insert(key);

    }

}
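/**
 * Creates a new user from the given user object, after verifying that the
 * current user (this.user_id) holds the system-level permission to create
 * users and that the username is neither blank nor already taken.
 *
 * On success the new user's own permissions are created from the given
 * object, and the current user is granted READ, UPDATE, DELETE and
 * ADMINISTER permission on the new user so it remains manageable.
 *
 * @param object The user to create; must not be null.
 * @throws GuacamoleException If the username is blank or already in use
 *                            (GuacamoleClientException), or if the current
 *                            user may not create users or may not grant the
 *                            requested permissions.
 */
@Override
@Transactional
public void add(net.sourceforge.guacamole.net.auth.User object) throws GuacamoleException {

    // Validate the argument before it is dereferenced. The null check used
    // to follow the first getUsername() call, which made it unreachable for
    // a null argument.
    Preconditions.checkNotNull(object);

    // A missing username is treated exactly like a blank one
    String rawUsername = object.getUsername();
    String username = (rawUsername == null) ? "" : rawUsername.trim();
    if (username.isEmpty())
        throw new GuacamoleClientException("The username cannot be blank.");

    // Verify current user has permission to create users
    permissionCheckService.verifySystemAccess(this.user_id, MySQLConstants.SYSTEM_USER_CREATE);

    // Reject a username that is already in use. This check-then-create is
    // not atomic on its own; a concurrent add() with the same username is
    // only excluded if the database enforces uniqueness on the username
    // column — TODO confirm the schema has that constraint.
    MySQLUser previousUser = userService.retrieveUser(username);
    if (previousUser != null)
        throw new GuacamoleClientException("That username is already in use.");

    // Create new user
    MySQLUser user = userService.createUser(username, object.getPassword());

    // Create permissions of new user in database (each one is authorized
    // against the current user before insertion)
    createPermissions(user.getUserID(), object.getPermissions());

    // Give the current user full access to the newly created user. The same
    // key instance is reused for all four rows; NOTE(review): this is only
    // correct if insert() copies the values rather than retaining the
    // reference — confirm against the DAO implementation.
    UserPermissionKey newUserPermission = new UserPermissionKey();
    newUserPermission.setUser_id(this.user_id);
    newUserPermission.setAffected_user_id(user.getUserID());

    // READ permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_READ);
    userPermissionDAO.insert(newUserPermission);

    // UPDATE permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_UPDATE);
    userPermissionDAO.insert(newUserPermission);

    // DELETE permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_DELETE);
    userPermissionDAO.insert(newUserPermission);

    // ADMINISTER permission on new user
    newUserPermission.setPermission(MySQLConstants.USER_ADMINISTER);
    userPermissionDAO.insert(newUserPermission);

}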