guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: how to prohibit common users to change ther permissions througth api
Date Thu, 28 Dec 2017 03:08:30 GMT
On Wed, Dec 27, 2017 at 21:59 feifei0814a <870487116@qq.com> wrote:

> <p>I know you said users cannot change their own permissions on the HTML5
> website, it looks just like </p>
> <
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/44.png
> >
> <p>and my admin user's page is</p>
> <
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/55.png
> >
> <p>and the user 'seu_test' has no permissions</p>
> <
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/66.png
> >
>
> <p>And I can change user 'seu_test' permission through the API use PATCH
> function with HTML in postman tool</p>
> <
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/88.png
> >
> <p>You can find that the responce is 204 and the user 'seu_test' now has
> the
> administer permission.</p>
> <
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/99.png
> >


Are you absolutely certain, when running this through postman, that the
token you're using belongs to the seu_test user, and not to the guacadmin
user?  The screenshots did not provide enough detail to verify that you're
using the correct token from the correct logon for toys operation.

-Nick



>
> <p>I download the guacamole-client and auth-jdbc from official website and
> the version is 0.9.13. So, I don't know how to change the source code in
> order to forbid common users change their permission through the API with
> patch function</p>
>
>
>
>
>
>
>
>
>
> --
> Sent from:
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>

Mime
View raw message