GUACAMOLE-220: Add base extension API support for user groups.

[mike-jumper]

This change adds the base classes necessary for exposing user groups via extensions, and for declaring the permissions which apply to a user but are not necessarily directly granted to that user.

Overall, this involves:

• A new UserGroup interface, as well as the usual DelegatingUserGroup, and Directory<UserGroup> on UserContext.
• A new base interface, Permissions, which User and UserGroup share, defining the interface common to any object which can be granted permissions.
• A new getEffectivePermissions() function on User which returns a Permissions that represents all permissions which apply to the user, even if those permissions are inherited through some arbitrary means (such as user groups). The traditional getUserPermissions(), getConnectionPermissions(), etc. directly on the User return permission sets which describe permissions which are directly granted only.
• A new getEffectiveUserGroups() function on AuthenticatedUser which allows implementations to expose the identity of a user's group memberships in addition to the user's own identity. This forms the means by which membership in groups can be shared across extensions (for example, LDAP group membership can affect a user in MySQL so long as an identical MySQL group exists, even if that user does not exist in MySQL).
• A new RelatedObjectSet interface, similar to PermissionSet, which abstracts batch add/remove operations on a group of objects sharing some arbitrary relation, such as the member users of a user group, the parent user groups of a user, etc. This allows relations between specific objects to be established or removed without affecting the existence of those objects (as Directory would require) nor necessarily other relations to those objects.

The user groups themselves are exposed via a Directory<UserGroup> at the UserContext level, like all other objects. A new ObjectPermissionSet for user group permissions is exposed within Permissions. User membership within groups, group membership within groups, the set of groups containing a particular user, and the set of groups containing a particular group can all be maintained through the various getters returning RelatedObjectSet instances.

Other than (1) updating the REST services and JavaScript to use effective permissions rather than directly-granted permissions and (2) any stubs necessary to allow the database auth to continue working, no changes outside the API are made here.

Assuming these changes move forward, I will open further pull requests for the REST API changes, interface changes, and finally database auth changes.

[necouchman]

Took a first pass at it. Looks really good to me - just minor questions/comments.

[necouchman]

Is there a reason that getUserGroups() and getMemberUserGroups() are both necessary? Based on the stubs and descriptions, here, they look identical? I see that they're both implemented in DelegatingUserGroup, but they have identical implementations, there, and getMemberUserGroups() does not appear to be used anywhere outside of there?

[mike-jumper]

getUserGroups() returns the user groups of which the current group is a member, while getMemberUserGroups() returns the user groups which are members of the current group.

[necouchman]

Okay, in that case, the comments above the code need to be updated. The comment above getUserGroups() says:

Returns a set of all readable user groups that are members of this user group.

and the comment above getMemberUserGroups() starts with:

Returns a set of all readable user groups that are members of this user group.

Also, the @return comment seems to be identical for both of them?

[mike-jumper]

Oops.

[mike-jumper]

OK - this should now be corrected.

[necouchman]

Do you think there's any value to implementing a AbstractRelatedObjectSet class like you've done for several of the other Simple classes, that implements a bunch of these default behaviors? Perhaps not initially useful for the JDBC extension, but is it something that would be helpful as other extensions implement the RelatedObjectSet class without having to rely on the behavior of SimpleRelatedObjectSet?

[mike-jumper]

In principle, yes, but I'm not sure what that would be. There are only two functions that are effectively unimplemented by SimpleRelatedObjectSet:

1. addObjects()
2. removeObjects()

both of which make changes to the RelatedObjectSet in a way that would be implementation dependent. It does make sense to provide default behaviors, but I don't think there are any sensible default behaviors we can provide here.

[necouchman]

Make sense.

[necouchman]

In the ConnectionGroupTree class you did:

Permissions effective = userContext.self().getEffectivePermissions();

eliminating the need for the existence of the self object. Any reason not to do the same, here?

[mike-jumper]

Nope. Sounds fine to me. I'll make the change.

[necouchman]

Same note as above - any reason not to do

Permissions effective = userContext.self().getEffectivePermissions()

?

[mike-jumper]

Nope. No reason. Will do.

[necouchman]

As with previous places, guessing these two lines could be collapsed...

[mike-jumper]

Yup, I agree.

[necouchman]

A few more style/grammar nitpicks.

[necouchman]

Extra line added, here - seems like most files have a single space between import and class documentation.

[necouchman]

Missing period at the end of this sentence.

[necouchman]

"may be implied"

[mike-jumper]

OK, I believe I've addressed the issues above, with the exception of adding a AbstractRelatedObjectSet (as I am unable to define a set of default behaviors that is not already provided by SimpleRelatedObjectSet).

[necouchman]

Cool - will try to review one last time tonight and get it merged.

[necouchman]

Looks great, about to merge.