Examples with GrantGranteeType - com.zimbra.common.mailbox.GrantGranteeType

Example 1 with GrantGranteeType

use of com.zimbra.common.mailbox.GrantGranteeType in project zm-mailbox by Zimbra.

the class ImapHandler method doGETACL.

private boolean doGETACL(String tag, ImapPath path) throws IOException {
    if (!checkState(tag, State.AUTHENTICATED)) {
        return true;
    }
    StringBuilder i4acl = new StringBuilder("ACL ").append(path.asUtf7String());
    try {
        // make sure the requester has sufficient permissions to make the request
        if ((path.getFolderRights() & ACL.RIGHT_ADMIN) == 0) {
            ZimbraLog.imap.info("GETACL failed: user does not have admin access: %s", path);
            sendNO(tag, "GETACL failed");
            return true;
        }
        // the target folder's owner always has full rights
        Account owner = path.getOwnerAccount();
        if (owner != null) {
            i4acl.append(" \"").append(owner.getName()).append("\" ").append(IMAP_CONCATENATED_RIGHTS);
        }
        // write out the grants to all users and groups
        Short anyoneRights = null;
        FolderStore folderStore = path.getFolder();
        if (null != folderStore) {
            for (ACLGrant grant : folderStore.getACLGrants()) {
                GrantGranteeType gType = grant.getGrantGranteeType();
                short rights = ACL.stringToRights(grant.getPermissions());
                if (gType == GrantGranteeType.pub || gType == GrantGranteeType.all) {
                    anyoneRights = (short) ((anyoneRights == null ? 0 : anyoneRights) | rights);
                } else if (gType == GrantGranteeType.usr || gType == GrantGranteeType.grp) {
                    NamedEntry entry = FolderAction.lookupGranteeByZimbraId(grant.getGranteeId(), gType.asByte());
                    if (entry != null) {
                        i4acl.append(" \"").append(entry.getName()).append("\" ").append(exportRights(rights));
                    }
                }
            }
        }
        // aggregate all the "public" and "auth user" grants into the "anyone" IMAP ACL
        if (anyoneRights != null) {
            i4acl.append(" anyone ").append(exportRights(anyoneRights));
        }
    } catch (ServiceException e) {
        if (e.getCode().equals(ServiceException.PERM_DENIED)) {
            ZimbraLog.imap.info("GETACL failed: permission denied on folder: %s", path);
        } else if (e.getCode().equals(MailServiceException.NO_SUCH_FOLDER)) {
            ZimbraLog.imap.info("GETACL failed: no such folder: %s", path);
        } else {
            ZimbraLog.imap.warn("GETACL failed", e);
        }
        sendNO(tag, "GETACL failed");
        return true;
    }
    sendUntagged(i4acl.toString());
    sendNotifications(true, false);
    sendOK(tag, "GETACL completed");
    return true;
}

Also used : Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) NamedEntry(com.zimbra.cs.account.NamedEntry) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) SearchFolderStore(com.zimbra.common.mailbox.SearchFolderStore) FolderStore(com.zimbra.common.mailbox.FolderStore) GrantGranteeType(com.zimbra.common.mailbox.GrantGranteeType) ACLGrant(com.zimbra.common.mailbox.ACLGrant)

Aggregations

ACLGrant (com.zimbra.common.mailbox.ACLGrant)1 FolderStore (com.zimbra.common.mailbox.FolderStore)1 GrantGranteeType (com.zimbra.common.mailbox.GrantGranteeType)1 SearchFolderStore (com.zimbra.common.mailbox.SearchFolderStore)1 ServiceException (com.zimbra.common.service.ServiceException)1 Account (com.zimbra.cs.account.Account)1 AccountServiceException (com.zimbra.cs.account.AccountServiceException)1 GuestAccount (com.zimbra.cs.account.GuestAccount)1 NamedEntry (com.zimbra.cs.account.NamedEntry)1 MailServiceException (com.zimbra.cs.mailbox.MailServiceException)1