diff --git a/guacamole/src/main/frontend/src/app/manage/directives/systemPermissionEditor.js b/guacamole/src/main/frontend/src/app/manage/directives/systemPermissionEditor.js index 78377a7d50..079c0d03ff 100644 --- a/guacamole/src/main/frontend/src/app/manage/directives/systemPermissionEditor.js +++ b/guacamole/src/main/frontend/src/app/manage/directives/systemPermissionEditor.js @@ -121,6 +121,10 @@ angular.module('manage').directive('systemPermissionEditor', ['$injector', label: "MANAGE_USER.FIELD_HEADER_ADMINISTER_SYSTEM", value: PermissionSet.SystemPermissionType.ADMINISTER }, + { + label: "MANAGE_USER.FIELD_HEADER_AUDIT_SYSTEM", + value: PermissionSet.SystemPermissionType.AUDIT + }, { label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_USERS", value: PermissionSet.SystemPermissionType.CREATE_USER diff --git a/guacamole/src/main/frontend/src/app/navigation/services/userPageService.js b/guacamole/src/main/frontend/src/app/navigation/services/userPageService.js index aeb701a336..9a9f693f6d 100644 --- a/guacamole/src/main/frontend/src/app/navigation/services/userPageService.js +++ b/guacamole/src/main/frontend/src/app/navigation/services/userPageService.js @@ -298,8 +298,9 @@ angular.module('navigation').factory('userPageService', ['$injector', // Determine whether the current user needs access to view connection history if ( - // A user must be a system administrator to view connection records - PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER) + // A user must be a system administrator or auditor to view connection records + PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER) + || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.AUDIT) ) { canViewConnectionRecords.push(dataSource); } @@ -312,7 +313,7 @@ angular.module('navigation').factory('userPageService', ['$injector', url : '/settings/sessions' })); - // If user can manage connections, add links for connection management pages + // If user can view connection records, add links for connection history pages angular.forEach(canViewConnectionRecords, function addConnectionHistoryLink(dataSource) { pages.push(new PageDefinition({ name : [ diff --git a/guacamole/src/main/frontend/src/app/rest/types/PermissionSet.js b/guacamole/src/main/frontend/src/app/rest/types/PermissionSet.js index 9dd1ac8d68..2a549456bb 100644 --- a/guacamole/src/main/frontend/src/app/rest/types/PermissionSet.js +++ b/guacamole/src/main/frontend/src/app/rest/types/PermissionSet.js @@ -136,6 +136,11 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() * Permission to administer the entire system. */ ADMINISTER : "ADMINISTER", + + /** + * Permission to view connection and user records for the entire system. + */ + AUDIT : "AUDIT", /** * Permission to create new users. diff --git a/guacamole/src/main/frontend/src/translations/en.json b/guacamole/src/main/frontend/src/translations/en.json index 7b5e55c65b..3486755e7d 100644 --- a/guacamole/src/main/frontend/src/translations/en.json +++ b/guacamole/src/main/frontend/src/translations/en.json @@ -408,6 +408,7 @@ "ERROR_PASSWORD_MISMATCH" : "@:APP.ERROR_PASSWORD_MISMATCH", "FIELD_HEADER_ADMINISTER_SYSTEM" : "Administer system:", + "FIELD_HEADER_AUDIT_SYSTEM" : "Audit system:", "FIELD_HEADER_CHANGE_OWN_PASSWORD" : "Change own password:", "FIELD_HEADER_CREATE_NEW_USERS" : "Create new users:", "FIELD_HEADER_CREATE_NEW_USER_GROUPS" : "Create new user groups:", @@ -449,6 +450,7 @@ "DIALOG_HEADER_ERROR" : "@:APP.DIALOG_HEADER_ERROR", "FIELD_HEADER_ADMINISTER_SYSTEM" : "@:MANAGE_USER.FIELD_HEADER_ADMINISTER_SYSTEM", + "FIELD_HEADER_AUDIT_SYSTEM" : "@:MANAGE_USER.FIELD_HEADER_AUDIT_SYSTEM", "FIELD_HEADER_CHANGE_OWN_PASSWORD" : "@:MANAGE_USER.FIELD_HEADER_CHANGE_OWN_PASSWORD", "FIELD_HEADER_CREATE_NEW_USERS" : "@:MANAGE_USER.FIELD_HEADER_CREATE_NEW_USERS", "FIELD_HEADER_CREATE_NEW_USER_GROUPS" : "@:MANAGE_USER.FIELD_HEADER_CREATE_NEW_USER_GROUPS",