
Example 1 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class AccessManager method canSendInternal.

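/**
 * Decides whether {@code grantee} may send mail using {@code targetAddress} under {@code sendRight}.
 *
 * <p>The result is {@code false} unless a target entry is resolved and every check on it passes.
 * For an internal-domain address the target is looked up from the address itself (distribution
 * list or account); {@code targetAccount} is consulted only for external-domain addresses, which
 * must be listed in that account's {@code zimbraAllowFromAddress} values.
 *
 * @param grantee       the account asking to send
 * @param targetAccount the account whose allow-from list is checked for external addresses; may be
 *                      {@code null}, in which case an external address is never allowed
 * @param targetAddress the address the grantee wants to send as / on behalf of
 * @param sendRight     {@code User.R_sendAs} or {@code User.R_sendOnBehalfOf}; swapped for the
 *                      distribution-list variant when the address is a distribution list
 * @param asAdmin       forwarded to {@code canDo}; when {@code true} the per-address restriction
 *                      of {@code AccountUtil.isAllowedSendAddress} is skipped
 * @return {@code true} only if the right is granted on the resolved target (and, for non-admins,
 *         the address is one the target allows)
 * @throws ServiceException if {@code sendRight} is neither of the two supported rights, or if a
 *                          provisioning lookup fails
 */
private boolean canSendInternal(Account grantee, Account targetAccount, String targetAddress, Right sendRight, boolean asAdmin) throws ServiceException {
    boolean allowed = false;
    // Validate the requested right up front: any other right is rejected before any lookup happens.
    Right dlSendRight;
    if (User.R_sendAs.equals(sendRight)) {
        dlSendRight = User.R_sendAsDistList;
    } else if (User.R_sendOnBehalfOf.equals(sendRight)) {
        dlSendRight = User.R_sendOnBehalfOfDistList;
    } else {
        throw ServiceException.FAILURE("invalid send right " + sendRight, null);
    }
    NamedEntry target = null;
    if (AccountUtil.addressHasInternalDomain(targetAddress)) {
        // If targetAddress has an internal domain, it could be another account or a distribution list.
        Provisioning prov = Provisioning.getInstance();
        if (prov.isDistributionList(targetAddress)) {
            target = prov.getGroupBasic(DistributionListBy.name, targetAddress);
            sendRight = dlSendRight;
        } else {
            target = prov.get(AccountBy.name, targetAddress);
        }
    } else if (targetAccount != null) {
        // If targetAddress has an external domain, it must be a zimbraAllowFromAddress of the target account.
        // Case folding uses Locale.ROOT so this authorization comparison does not depend on the
        // JVM's default locale (e.g. the Turkish dotless-i mapping would otherwise make
        // "INFO@..." and "info@..." compare unequal).
        Set<String> addrs = new HashSet<String>();
        String[] allowedFromAddrs = targetAccount.getMultiAttr(Provisioning.A_zimbraAllowFromAddress);
        for (String addr : allowedFromAddrs) {
            addrs.add(addr.toLowerCase(java.util.Locale.ROOT));
        }
        if (addrs.contains(targetAddress.toLowerCase(java.util.Locale.ROOT))) {
            target = targetAccount;
        }
    }
    // Fail closed: with no resolved target, 'allowed' keeps its initial value of false.
    if (target != null) {
        allowed = canDo(grantee, target, sendRight, asAdmin);
        if (allowed && !asAdmin) {
            // Admins can send as any address of the target.  Non-admins can only use the addresses designated
            // by the target user/DL.
            allowed = AccountUtil.isAllowedSendAddress(target, targetAddress);
        }
    }
    return allowed;
}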
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Right(com.zimbra.cs.account.accesscontrol.Right)

Example 2 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class MailSenderTest method getSenderHeadersDelegatedAuth.

/**
 * Table-driven check of {@code MailSender.getSenderHeaders} for a delegated sender.
 *
 * <p>Fixture: a second account is created and a {@code sendOnBehalfOf} ACE naming it as grantee
 * is granted via {@code ACLUtil.grantRight} on the default mock account. Each table row is then
 * passed to {@code getSenderHeaders(first, second, account, account2, false)}.
 */
@Test
public void getSenderHeadersDelegatedAuth() throws Exception {
    Provisioning prov = Provisioning.getInstance();
    Account account = prov.getAccount(MockProvisioning.DEFAULT_ACCOUNT_ID);
    Map<String, Object> attrs = new HashMap<String, Object>();
    attrs.put(Provisioning.A_zimbraId, UUID.randomUUID().toString());
    Account account2 = prov.createAccount("test2@zimbra.com", "secret", attrs);
    MailSender mailSender = new MailSender();

    final String mail = "test2@zimbra.com";
    final String alias = "test-alias@zimbra.com";
    final String invalid1 = "foo@zimbra.com";
    final String invalid2 = "bar@zimbra.com";

    // Grant sendOnBehalfOf with account2 as the grantee.
    Right right = RightManager.getInstance().getUserRight("sendOnBehalfOf");
    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    aces.add(new ZimbraACE(account2.getId(), GranteeType.GT_USER, right, null, null));
    ACLUtil.grantRight(Provisioning.getInstance(), account, aces);

    // Columns: first address argument, second address argument, expected pair.getFirst(),
    // expected pair.getSecond() (null means the second element is asserted to be null).
    // NOTE(review): the two address arguments are presumably From and Sender; confirm against
    // MailSender.getSenderHeaders.
    String[][] cases = {
        { null,     null,     mail,  null },
        { mail,     null,     mail,  null },
        { null,     mail,     mail,  null },
        { mail,     mail,     mail,  null },
        { alias,    null,     alias, mail },
        { null,     alias,    alias, mail },
        { alias,    alias,    alias, mail },
        { invalid1, null,     mail,  null },
        { null,     invalid1, mail,  null },
        { invalid1, invalid2, mail,  null },
        { alias,    mail,     alias, mail },
        { mail,     alias,    mail,  null },
        { alias,    invalid1, alias, mail },
        { invalid1, alias,    mail,  null },
        { mail,     invalid1, mail,  null },
        { invalid1, mail,     mail,  null },
    };

    for (String[] row : cases) {
        // A fresh InternetAddress per call, as in the hand-unrolled version of this test.
        InternetAddress firstArg = row[0] == null ? null : new InternetAddress(row[0]);
        InternetAddress secondArg = row[1] == null ? null : new InternetAddress(row[1]);
        Pair<InternetAddress, InternetAddress> pair =
                mailSender.getSenderHeaders(firstArg, secondArg, account, account2, false);
        Assert.assertEquals(row[2], pair.getFirst().toString());
        if (row[3] == null) {
            Assert.assertNull(pair.getSecond());
        } else {
            Assert.assertEquals(row[3], pair.getSecond().toString());
        }
    }
}
Also used : Account(com.zimbra.cs.account.Account) InternetAddress(javax.mail.internet.InternetAddress) JavaMailInternetAddress(com.zimbra.common.mime.shim.JavaMailInternetAddress) HashMap(java.util.HashMap) Right(com.zimbra.cs.account.accesscontrol.Right) MockProvisioning(com.zimbra.cs.account.MockProvisioning) Provisioning(com.zimbra.cs.account.Provisioning) ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 3 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class ProvUtil method dumpComboRight.

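/**
 * Prints the rights contained in {@code comboRight}, optionally recursing into nested combo rights.
 *
 * <p>{@code seen} holds the names of the combo rights on the current expansion path. A name is
 * added on entry and removed on exit, so a right that (directly or transitively) contains itself
 * is reported once and not expanded again. The previous implementation cleared the whole set after
 * every child, which discarded the ancestors' names; a cyclic reference that followed any sibling
 * was then never detected and the recursion did not terminate.
 *
 * @param comboRight       the combo right to dump
 * @param expandComboRight whether nested combo rights are expanded recursively
 * @param indent           indentation of the caller's level; this level prints with
 *                         {@code indent + indent}
 * @param seen             names of combo rights currently being expanded; left as it was on entry
 */
private void dumpComboRight(ComboRight comboRight, boolean expandComboRight, String indent, Set<String> seen) {
    String comboName = comboRight.getName();
    // detect circular combo rights: add() returns false when the name is already on the path
    if (!seen.add(comboName)) {
        console.println("Circular combo right: " + comboName + " !!");
        return;
    }
    try {
        String indent2 = indent + indent;
        for (Right r : comboRight.getRights()) {
            String tt = r.getTargetTypeStr();
            tt = tt == null ? "" : " (" + tt + ")";
            console.format("%s %s: %s %s\n", indent2, r.getRightType().name(), r.getName(), tt);
            if (r.isComboRight() && expandComboRight) {
                dumpComboRight((ComboRight) r, expandComboRight, indent2, seen);
            }
        }
    } finally {
        // Pop only this level's entry so the ancestors stay visible to later siblings.
        seen.remove(comboName);
    }
}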
Also used : AdminRight(com.zimbra.cs.account.accesscontrol.AdminRight) Right(com.zimbra.cs.account.accesscontrol.Right) ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight) AttrRight(com.zimbra.cs.account.accesscontrol.AttrRight)

Example 4 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class ProvUtil method doGetAllRights.

/**
 * Parses the options of the get-all-rights command and prints the matching rights.
 *
 * <p>Recognised options, scanned from {@code args[1]} onwards: {@code -v} (verbose dump via
 * {@code dumpRight}), {@code -t <targetType>} and {@code -c <rightClass>}. Without {@code -v}
 * only each right's name is printed.
 *
 * @param args command-line tokens; index 0 is skipped (presumably the command name)
 * @throws ArgException     on an unknown option or an option missing its value
 * @throws ServiceException if {@code prov.getAllRights} fails
 */
private void doGetAllRights(String[] args) throws ServiceException, ArgException {
    boolean verbose = false;
    String targetType = null;
    String rightClass = null;

    for (int idx = 1; idx < args.length; idx++) {
        String option = args[idx];
        if (option.equals("-v")) {
            verbose = true;
            continue;
        }
        boolean isTargetType = option.equals("-t");
        if (!isTargetType && !option.equals("-c")) {
            throw new ArgException("invalid arg: " + option);
        }
        // Both -t and -c consume the following token as their value.
        idx++;
        if (idx == args.length) {
            throw new ArgException("not enough arguments");
        }
        if (isTargetType) {
            targetType = args[idx];
        } else {
            rightClass = args[idx];
        }
    }

    List<Right> allRights = prov.getAllRights(targetType, false, rightClass);
    for (Right right : allRights) {
        if (!verbose) {
            console.println(right.getName());
        } else {
            dumpRight(right);
        }
    }
}
Also used : AdminRight(com.zimbra.cs.account.accesscontrol.AdminRight) Right(com.zimbra.cs.account.accesscontrol.Right) ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight) AttrRight(com.zimbra.cs.account.accesscontrol.AttrRight)

Example 5 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class DiscoverRights method handle.

/**
 * Handles a DiscoverRights request for the requested account.
 *
 * <p>The caller's access to the account is checked before anything in the request body is read.
 * Each {@code AccountConstants.E_RIGHT} element is then resolved through
 * {@code RightManager.getUserRight}, and the resulting set is handed to {@code discoverRights}.
 *
 * @param request the request element carrying the right names
 * @param context the SOAP engine context
 * @return the populated {@code DISCOVER_RIGHTS_RESPONSE} element
 * @throws ServiceException {@code PERM_DENIED} if the account may not be accessed,
 *                          {@code INVALID_REQUEST} if the request names no right, or whatever
 *                          the right lookup / discovery raises
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext soapCtx = getZimbraSoapContext(context);
    Account requested = getRequestedAccount(soapCtx);

    // Authorization gate: runs before any request element is parsed.
    if (!canAccessAccount(soapCtx, requested)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    RightManager rightMgr = RightManager.getInstance();
    Set<Right> requestedRights = Sets.newHashSet();
    for (Element rightElem : request.listElements(AccountConstants.E_RIGHT)) {
        requestedRights.add(rightMgr.getUserRight(rightElem.getText()));
    }
    if (requestedRights.isEmpty()) {
        throw ServiceException.INVALID_REQUEST("no right is specified", null);
    }

    Element response = soapCtx.createElement(AccountConstants.DISCOVER_RIGHTS_RESPONSE);
    discoverRights(requested, requestedRights, response, true);
    return response;
}
Also used : Account(com.zimbra.cs.account.Account) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) RightManager(com.zimbra.cs.account.accesscontrol.RightManager) Element(com.zimbra.common.soap.Element) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) Right(com.zimbra.cs.account.accesscontrol.Right)
