| <?xml version="1.0" encoding="UTF-8" ?> |
| <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" |
| "http://mybatis.org/dtd/mybatis-3-mapper.dtd" > |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| --> |
| |
| <mapper namespace="org.apache.guacamole.auth.jdbc.permission.UserPermissionMapper" > |
| |
| <!-- Result mapper for user permissions --> |
| <resultMap id="UserPermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel"> |
| <result column="entity_id" property="entityID" jdbcType="INTEGER"/> |
| <result column="permission" property="type" jdbcType="VARCHAR" |
| javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/> |
| <result column="affected_name" property="objectIdentifier" jdbcType="INTEGER"/> |
| </resultMap> |
| |
| <!-- Select all permissions for a given entity --> |
| <select id="select" resultMap="UserPermissionResultMap"> |
| |
| SELECT DISTINCT |
| #{entity.entityID,jdbcType=INTEGER} AS entity_id, |
| permission, |
| affected_entity.name AS affected_name |
| FROM [guacamole_user_permission] |
| JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id |
| JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id |
| WHERE |
| <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> |
| <property name="column" value="[guacamole_user_permission].entity_id"/> |
| <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> |
| <property name="groups" value="effectiveGroups"/> |
| </include> |
| AND affected_entity.type = 'USER' |
| |
| </select> |
| |
| <!-- Select the single permission matching the given criteria --> |
| <select id="selectOne" resultMap="UserPermissionResultMap"> |
| |
| SELECT DISTINCT |
| #{entity.entityID,jdbcType=INTEGER} AS entity_id, |
| permission, |
| affected_entity.name AS affected_name |
| FROM [guacamole_user_permission] |
| JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id |
| JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id |
| WHERE |
| <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> |
| <property name="column" value="[guacamole_user_permission].entity_id"/> |
| <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> |
| <property name="groups" value="effectiveGroups"/> |
| </include> |
| AND permission = #{type,jdbcType=VARCHAR} |
| AND affected_entity.name = #{identifier,jdbcType=VARCHAR} |
| AND affected_entity.type = 'USER' |
| |
| </select> |
| |
| <!-- Select identifiers accessible by the given entity for the given permissions --> |
| <select id="selectAccessibleIdentifiers" resultType="string"> |
| |
| SELECT DISTINCT affected_entity.name |
| FROM [guacamole_user_permission] |
| JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id |
| JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id |
| WHERE |
| <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity"> |
| <property name="column" value="[guacamole_user_permission].entity_id"/> |
| <property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/> |
| <property name="groups" value="effectiveGroups"/> |
| </include> |
| AND affected_entity.name IN |
| <foreach collection="identifiers" item="identifier" |
| open="(" separator="," close=")"> |
| #{identifier,jdbcType=VARCHAR} |
| </foreach> |
| AND permission IN |
| <foreach collection="permissions" item="permission" |
| open="(" separator="," close=")"> |
| #{permission,jdbcType=VARCHAR} |
| </foreach> |
| AND affected_entity.type = 'USER' |
| |
| </select> |
| |
| <!-- Delete all given permissions --> |
| <delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel"> |
| |
| DELETE [guacamole_user_permission] |
| FROM [guacamole_user_permission] |
| JOIN [guacamole_user] affected_user ON [guacamole_user_permission].affected_user_id = affected_user.user_id |
| JOIN [guacamole_entity] affected_entity ON affected_user.entity_id = affected_entity.entity_id |
| WHERE |
| <foreach collection="permissions" item="permission" |
| open="(" separator=" OR " close=")"> |
| ([guacamole_user_permission].entity_id = #{permission.entityID,jdbcType=INTEGER} AND |
| permission = #{permission.type,jdbcType=VARCHAR} AND |
| affected_entity.name = #{permission.objectIdentifier,jdbcType=VARCHAR} AND |
| affected_entity.type = 'USER') |
| </foreach> |
| |
| </delete> |
| |
| <!-- Insert all given permissions --> |
| <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel"> |
| |
| INSERT INTO [guacamole_user_permission] ( |
| entity_id, |
| permission, |
| affected_user_id |
| ) |
| SELECT DISTINCT |
| permissions.entity_id, |
| permissions.permission, |
| affected_user.user_id |
| FROM |
| <foreach collection="permissions" item="permission" |
| open="(" separator="UNION ALL" close=")"> |
| SELECT #{permission.entityID,jdbcType=INTEGER} AS entity_id, |
| #{permission.type,jdbcType=VARCHAR} AS permission, |
| #{permission.objectIdentifier,jdbcType=INTEGER} AS affected_name |
| </foreach> |
| AS permissions |
| JOIN [guacamole_entity] affected_entity ON |
| affected_entity.name = permissions.affected_name |
| AND affected_entity.type = 'USER' |
| JOIN [guacamole_user] affected_user ON affected_user.entity_id = affected_entity.entity_id |
| WHERE NOT EXISTS (SELECT 1 FROM [guacamole_user_permission] |
| WHERE [guacamole_user_permission].entity_id = permissions.entity_id |
| AND [guacamole_user_permission].permission = permissions.permission |
| AND [guacamole_user_permission].affected_user_id = affected_user.user_id |
| ); |
| |
| </insert> |
| |
| </mapper> |