Github user necouchman commented on a diff in the pull request:
https://github.com/apache/guacamole-client/pull/319#discussion_r221436490
--- Diff:
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java
---
@@ -0,0 +1,211 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.base;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
+import org.apache.guacamole.net.auth.permission.ObjectPermission;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * A database implementation of RelatedObjectSet which provides access to a
+ * parent object and corresponding set of objects related to the parent,
subject
+ * to object-level permissions. Though the parent and child objects have
+ * specific types, only the parent object's type is enforced through type
+ * parameters, as child objects are represented by identifiers only.
+ *
+ * @param <ParentObjectType>
+ * The type of object that represents the parent side of the relation.
+ *
+ * @param <ParentModelType>
+ * The underlying database model of the parent object.
+ */
+public abstract class RelatedObjectSet<ParentObjectType extends
ModeledDirectoryObject<ParentModelType>, ParentModelType extends ObjectModel>
+ extends RestrictedObject implements
org.apache.guacamole.net.auth.RelatedObjectSet {
+
+ /**
+ * The parent object which shares some arbitrary relation with the
objects
+ * within this set.
+ */
+ private ParentObjectType parent;
+
+ /**
+ * Creates a new RelatedObjectSet. The resulting object set must still
be
+ * initialized by a call to init().
+ */
+ public RelatedObjectSet() {
+ }
+
+ /**
+ * Initializes this RelatedObjectSet with the current user and the
single
+ * object on the parent side of the one-to-many relation represented
by the
+ * set.
+ *
+ * @param currentUser
+ * The user who queried this RelatedObjectSet, and whose
permissions
+ * dictate the access level of all operations performed on this
set.
+ *
+ * @param parent
+ * The parent object which shares some arbitrary relation with the
+ * objects within this set.
+ */
+ public void init(ModeledAuthenticatedUser currentUser,
ParentObjectType parent) {
+ super.init(currentUser);
+ this.parent = parent;
+ }
+
+ /**
+ * Returns the mapper which provides low-level access to the the
database
+ * models which drive the relation represented by this
RelatedObjectSet.
+ *
+ * @return
+ * The mapper which provides low-level access to the the database
+ * models which drive the relation represented by this
+ * RelatedObjectSet.
+ */
+ protected abstract ObjectRelationMapper<ParentModelType>
getObjectRelationMapper();
+
+ /**
+ * Returns the permission set which exposes the effective permissions
+ * available to the current user regarding the objects on the parent
side
+ * of the one-to-many relationship represented by this
RelatedObjectSet.
+ * Permission inheritance through user groups is taken into account.
+ *
+ * @return
+ * The permission set which exposes the effective permissions
+ * available to the current user regarding the objects on the
parent
+ * side of the one-to-many relationship represented by this
+ * RelatedObjectSet.
+ *
+ * @throws GuacamoleException
+ * If permission to query permission status is denied.
+ */
+ protected abstract ObjectPermissionSet
getParentObjectEffectivePermissionSet()
+ throws GuacamoleException;
+
+ /**
+ * Returns the permission set which exposes the effective permissions
+ * available to the current user regarding the objects on the child
side
+ * of the one-to-many relationship represented by this
RelatedObjectSet.
+ * Permission inheritance through user groups is taken into account.
+ *
+ * @return
+ * The permission set which exposes the effective permissions
+ * available to the current user regarding the objects on the child
+ * side of the one-to-many relationship represented by this
+ * RelatedObjectSet.
+ *
+ * @throws GuacamoleException
+ * If permission to query permission status is denied.
+ */
+ protected abstract ObjectPermissionSet
getChildObjectEffectivePermissionSet()
+ throws GuacamoleException;
+
+ /**
+ * Returns whether the current user has permission to alter that
status of
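Review bot: `init()` assigns `this.parent = parent` with no null check, and nothing visible prevents a second call, so the parent (and, through `super.init(currentUser)`, presumably the user whose permissions govern every operation on the set) can be missing or replaced after the set has been handed out. Because this class provides access subject to object-level permissions, failing fast is safer than a later NullPointerException or a permission check evaluated against the wrong object: add `if (parent == null) throw new IllegalArgumentException("parent must not be null");` before the assignment, and state in the Javadoc that `init()` must be called exactly once before any other method is used. Whether the permission-checking methods guard against an uninitialized set cannot be seen here, since the class body continues past the quoted part of the hunk. Separately, the Javadoc of `getObjectRelationMapper()` reads "the the database" in both its summary and its `@return` text.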
--- End diff --
that status -> the status
---