On Wed, Dec 27, 2017 at 21:59 feifei0814a <870487...@qq.com> wrote: > <p>I know you said users cannot change their own permissions on the HTML5 > website, it looks just like </p> > < > http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/44.png > > > <p>and my admin user's page is</p> > < > http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/55.png > > > <p>and the user 'seu_test' has no permissions</p> > < > http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/66.png > > > > <p>And I can change user 'seu_test' permission through the API use PATCH > function with HTML in postman tool</p> > < > http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/88.png > > > <p>You can find that the responce is 204 and the user 'seu_test' now has > the > administer permission.</p> > < > http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/99.png > >
Are you absolutely certain, when running this through postman, that the token you're using belongs to the seu_test user, and not to the guacadmin user? The screenshots did not provide enough detail to verify that you're using the correct token from the correct logon for toys operation. -Nick > > <p>I download the guacamole-client and auth-jdbc from official website and > the version is 0.9.13. So, I don't know how to change the source code in > order to forbid common users change their permission through the API with > patch function</p> > > > > > > > > > > -- > Sent from: > http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ >
