示例#1
0
  /**
   * Delete permissions having to do with connections for a given user.
   *
   * @param user_id The ID of the user to change the permissions of.
   * @param permissions The permissions the given user should no longer have when this operation
   *     completes.
   * @throws GuacamoleException If permission to alter the access permissions of affected objects is
   *     denied.
   */
  private void deleteConnectionPermissions(
      int user_id, Collection<ConnectionPermission> permissions) throws GuacamoleException {

    // If no permissions given, stop now
    if (permissions.isEmpty()) return;

    // Get list of administerable connection IDs
    List<Integer> administerableConnectionIDs =
        permissionCheckService.retrieveConnectionIDs(
            this.user_id, MySQLConstants.CONNECTION_ADMINISTER);

    // Get set of names corresponding to administerable connections
    Map<String, Integer> administerableConnections =
        connectionService.translateNames(administerableConnectionIDs);

    // Delete requested permissions
    for (ConnectionPermission permission : permissions) {

      // Get original ID
      Integer connection_id = administerableConnections.get(permission.getObjectIdentifier());

      // Verify that the user actually has permission to administrate
      // every one of these connections
      if (connection_id == null)
        throw new GuacamoleSecurityException(
            "User #"
                + this.user_id
                + " does not have permission to administrate connection "
                + permission.getObjectIdentifier());

      ConnectionPermissionExample connectionPermissionExample = new ConnectionPermissionExample();
      connectionPermissionExample
          .createCriteria()
          .andUser_idEqualTo(user_id)
          .andPermissionEqualTo(MySQLConstants.getConnectionConstant(permission.getType()))
          .andConnection_idEqualTo(connection_id);
      connectionPermissionDAO.deleteByExample(connectionPermissionExample);
    }
  }
示例#2
0
  /**
   * Create any new permissions having to do with connections for a given user.
   *
   * @param user_id The ID of the user to assign or remove permissions from.
   * @param permissions The new permissions the user should have after this operation completes.
   * @throws GuacamoleException If permission to alter the access permissions of affected objects is
   *     deniedD
   */
  private void createConnectionPermissions(
      int user_id, Collection<ConnectionPermission> permissions) throws GuacamoleException {

    // If no permissions given, stop now
    if (permissions.isEmpty()) return;

    // Get list of administerable connection IDs
    List<Integer> administerableConnectionIDs =
        permissionCheckService.retrieveConnectionIDs(
            this.user_id, MySQLConstants.CONNECTION_ADMINISTER);

    // Get set of names corresponding to administerable connections
    Map<String, Integer> administerableConnections =
        connectionService.translateNames(administerableConnectionIDs);

    // Insert all given permissions
    for (ConnectionPermission permission : permissions) {

      // Get original ID
      Integer connection_id = administerableConnections.get(permission.getObjectIdentifier());

      // Throw exception if permission to administer this connection
      // is not granted
      if (connection_id == null)
        throw new GuacamoleSecurityException(
            "User #"
                + this.user_id
                + " does not have permission to administrate connection "
                + permission.getObjectIdentifier());

      // Create new permission
      ConnectionPermissionKey newPermission = new ConnectionPermissionKey();
      newPermission.setUser_id(user_id);
      newPermission.setPermission(MySQLConstants.getConnectionConstant(permission.getType()));
      newPermission.setConnection_id(connection_id);
      connectionPermissionDAO.insert(newPermission);
    }
  }