use of com.zimbra.client.ZAce in project zm-mailbox by Zimbra.
the class ZMailboxUtil method doGetRights.
private void doGetRights(String[] args) throws ServiceException {
if (verboseOpt()) {
StringBuilder sb = new StringBuilder();
for (ZAce g : mMbox.getRights(args)) {
if (sb.length() > 0)
sb.append(",\n");
sb.append(g.dump());
}
stdout.format("[%n%s%n]%n", sb.toString());
} else {
String format = "%16.16s %8.8s %s%n";
stdout.format(format, "Right", "Type", "Display");
stdout.format(format, "----------------", "--------", "-------");
List<ZAce> result = mMbox.getRights(args);
Comparator<ZAce> comparator = new Comparator<ZAce>() {
@Override
public int compare(ZAce a, ZAce b) {
// sort by right -> grantee type -> grantee name
String aKey = a.getRight() + a.getGranteeTypeSortOrder() + (a.getGranteeName() == null ? "" : a.getGranteeName());
String bKey = b.getRight() + b.getGranteeTypeSortOrder() + (b.getGranteeName() == null ? "" : b.getGranteeName());
int order = aKey.compareTo(bKey);
if (// a grantee is denied and allowed, not likely, but put the deny before allow if such entry does exist
order == 0)
order = a.getDeny() ? -1 : 1;
return order;
}
};
Collections.sort(result, comparator);
for (ZAce ace : result) {
stdout.format(format, ace.getRightDisplay(), ace.getGranteeTypeDisplay(), ace.getGranteeName());
}
}
stdout.println();
}
use of com.zimbra.client.ZAce in project zm-mailbox by Zimbra.
the class ZMailboxUtil method doRevokeRight.
private void doRevokeRight(String[] args) throws ServiceException {
ZAce ace = getAceFromArgs(args);
ZAce.GranteeType granteeType = ace.getGranteeType();
if (granteeType == ZAce.GranteeType.usr || granteeType == ZAce.GranteeType.grp || granteeType == ZAce.GranteeType.dom) {
// convert grantee to grantee id if it is a name
String zid = null;
String granteeName = ace.getGranteeName();
String[] rights = new String[] { ace.getRight() };
for (ZAce g : mMbox.getRights(rights)) {
if (granteeName.equalsIgnoreCase(g.getGranteeName()) || granteeName.equalsIgnoreCase(g.getGranteeId())) {
zid = g.getGranteeId();
break;
}
}
if (zid == null)
throw ZClientException.CLIENT_ERROR("no such grant", null);
ace.setGranteeId(zid);
}
List<ZAce> revoked = mMbox.revokeRight(ace);
if (revoked.size() == 0)
stdout.println(" revoked no right");
else {
stdout.println(" revoked: ");
for (ZAce r : revoked) stdout.println(" " + r.getGranteeTypeDisplay() + " " + r.getGranteeName() + " " + r.getRightDisplay());
}
}
use of com.zimbra.client.ZAce in project zm-mailbox by Zimbra.
the class ZMailboxUtil method doGrantRight.
private void doGrantRight(String[] args) throws ServiceException {
ZAce ace = getAceFromArgs(args);
List<ZAce> granted = mMbox.grantRight(ace);
if (granted.size() == 0)
stdout.println(" granted no right");
else {
stdout.println(" granted: ");
for (ZAce g : granted) stdout.println(" " + g.getGranteeTypeDisplay() + " " + g.getGranteeName() + " " + g.getRightDisplay());
}
}
use of com.zimbra.client.ZAce in project zm-mailbox by Zimbra.
the class TestACLUserRights method testFallbackToFolderRight.
@Test
@Bug(bug = 42146)
public void testFallbackToFolderRight() throws Exception {
// grantees
Account allowed = createUserAccount("allowed");
Account denied = createUserAccount("denied");
Account noAclButHasFolderGrant = createUserAccount("noAclButHasFolderGrant");
Account noAclAndNoFolderGrant = createUserAccount("noAclAndNoFolderGrant");
// owner
Account owner = createUserAccount("owner");
ZMailbox ownerMbox = TestUtil.getZMailbox(owner.getName());
// grant account right
ZAce aceAllow = new ZAce(ZAce.GranteeType.usr, allowed.getId(), allowed.getName(), "invite", false, null);
ownerMbox.grantRight(aceAllow);
ZAce aceDeny = new ZAce(ZAce.GranteeType.usr, denied.getId(), denied.getName(), "invite", true, null);
ownerMbox.grantRight(aceDeny);
// grant folder right
String folderPath = "/Calendar";
short rights = ACL.RIGHT_READ | ACL.RIGHT_WRITE | ACL.RIGHT_INSERT | ACL.RIGHT_DELETE;
String rightsStr = ACL.rightsToString(rights);
ZFolder folder = ownerMbox.getFolder(folderPath);
ownerMbox.modifyFolderGrant(folder.getId(), ZGrant.GranteeType.usr, denied.getName(), rightsStr, null);
ownerMbox.modifyFolderGrant(folder.getId(), ZGrant.GranteeType.usr, noAclButHasFolderGrant.getName(), rightsStr, null);
// check permission
List<String> rightsToCheck = new ArrayList<String>();
rightsToCheck.add("invite");
boolean result;
result = TestUtil.getZMailbox(allowed.getName()).checkRights(owner.getName(), rightsToCheck);
assertTrue(result);
result = TestUtil.getZMailbox(denied.getName()).checkRights(owner.getName(), rightsToCheck);
assertTrue(result);
result = TestUtil.getZMailbox(noAclButHasFolderGrant.getName()).checkRights(owner.getName(), rightsToCheck);
assertTrue(result);
result = TestUtil.getZMailbox(noAclAndNoFolderGrant.getName()).checkRights(owner.getName(), rightsToCheck);
assertFalse(result);
}
Aggregations