
Example 1 with ViaGrant

use of com.zimbra.cs.account.AccessManager.ViaGrant in project zm-mailbox by Zimbra.

the class TestACL method verify.

/**
 * Verifies one access decision through each of the three {@code canDo} entry points used here:
 * the grantee passed as an {@link Account}, as an auth token obtained from
 * {@code AuthProvider.getAuthToken}, and as the account name.
 *
 * <p>For every entry point a fresh {@link ViaGrant} is supplied only when the caller expects one;
 * otherwise {@code null} is passed, so the access manager is exercised both with and without a
 * "via" collector.
 *
 * @param grantee     account whose access is evaluated; may be {@code null}
 * @param target      entry the right is checked on
 * @param right       right being checked
 * @param asAdmin     supplies the admin flag passed to {@code canDo}
 * @param expected    expected allow/deny outcome
 * @param expectedVia expected deciding grant, or {@code null} to skip "via" collection
 * @throws Exception if any access check or assertion helper fails
 */
protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, ViaGrant expectedVia) throws Exception {
    // 1) Grantee handed over as an Account object.
    ViaGrant viaForAccount = (expectedVia != null) ? new ViaGrant() : null;
    boolean allowedForAccount = mAM.canDo(grantee, target, right, asAdmin.yes(), viaForAccount);
    assertEquals(expected.allow(), allowedForAccount);
    assertEquals(expectedVia, viaForAccount);

    // 2) Grantee handed over as an auth token.
    ViaGrant viaForToken = (expectedVia != null) ? new ViaGrant() : null;
    boolean allowedForToken = mAM.canDo(grantee != null ? AuthProvider.getAuthToken(grantee) : null, target, right, asAdmin.yes(), viaForToken);
    assertEquals(expected.allow(), allowedForToken);
    assertEquals(expectedVia, viaForToken);

    // 3) Grantee handed over by name.
    ViaGrant viaForName = (expectedVia != null) ? new ViaGrant() : null;
    String granteeName = (grantee != null) ? grantee.getName() : null;
    boolean allowedForName = mAM.canDo(granteeName, target, right, asAdmin.yes(), viaForName);

    boolean guestWithAccessKey = grantee instanceof GuestAccount
            && ((GuestAccount) grantee).getAccessKey() != null;
    if (guestWithAccessKey) {
        // Original note: if there is a pub grant, the expected result should hold.
        // The call above is still made, but its outcome is deliberately not asserted for
        // access-key guests, so this helper gives no coverage of the name-based path for them.
        return;
    }
    assertEquals(expected.allow(), allowedForName);
    assertEquals(expectedVia, viaForName);
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant)

Example 2 with ViaGrant

use of com.zimbra.cs.account.AccessManager.ViaGrant in project zm-mailbox by Zimbra.

the class CheckRight method handle.

/**
 * Handles a check-right admin request: reports whether a grantee holds a right on a target and,
 * when the decision can be traced to a grant, which grant decided it.
 *
 * <p>Steps, in order: parse target, grantee, right and optional attrs from the request; resolve
 * the grantee (falling back to a {@link GuestAccount} built from the raw grantee value when the
 * lookup does not return a {@link MailTarget}); unless the grantee value equals the authenticated
 * account id, require the caller to pass {@code checkCheckRightRight}; evaluate the right; build
 * the response.
 *
 * @param request the check-right request element
 * @param context SOAP context map used to obtain the {@link ZimbraSoapContext}
 * @return response element carrying the allow flag and, if available, the deciding grant
 * @throws ServiceException {@code INVALID_REQUEST} when the grantee type is neither user nor
 *         email; also whatever the parsing, lookup, authorization or right check raises
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext soapCtx = getZimbraSoapContext(context);

    // ---- target -------------------------------------------------------------------------
    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String target = null;
    // Only target types that need an identity carry a "by" selector and a value.
    if (TargetType.fromCode(targetType).needsTargetIdentity()) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        target = targetElem.getText();
    }

    // ---- grantee ------------------------------------------------------------------------
    Element granteeElem = request.getElement(AdminConstants.E_GRANTEE);
    GranteeType granteeType = GranteeType.fromCode(
            granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_EMAIL.getCode()));
    boolean userOrEmail = granteeType == GranteeType.GT_USER || granteeType == GranteeType.GT_EMAIL;
    if (!userOrEmail) {
        throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
    }
    GranteeBy granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
    String granteeVal = granteeElem.getText();

    // ---- right and optional attrs -------------------------------------------------------
    String right = request.getElement(AdminConstants.E_RIGHT).getText();
    Map<String, Object> attrs = null;
    if (request.getOptionalElement(AdminConstants.E_ATTRS) != null) {
        // NOTE(review): attrs are read from the request element, not from the attrs element
        // whose presence was just tested; confirm this is what AdminService.getAttrs expects.
        attrs = AdminService.getAttrs(request);
    }

    // ---- resolve the grantee ------------------------------------------------------------
    NamedEntry resolved = GranteeType.lookupGrantee(Provisioning.getInstance(), granteeType, granteeBy, granteeVal);
    // Anything that is not a MailTarget is evaluated as a guest built from the raw request value.
    MailTarget grantee = (resolved instanceof MailTarget)
            ? (MailTarget) resolved
            : new GuestAccount(granteeVal, null);

    // ---- authorization of the caller ----------------------------------------------------
    // Checking one's own rights is allowed without the extra check; for any other grantee the
    // authenticated account must hold the right to check rights for that grantee.
    // NOTE(review): the self test compares the raw grantee text with the authenticated account
    // id and does not look at granteeBy; confirm a by-name value can never coincide with the
    // caller's id and thereby skip checkCheckRightRight.
    boolean checkingSelf = granteeVal.equals(soapCtx.getAuthtokenAccountId());
    if (!checkingSelf) {
        GranteeType checkedAs = (grantee instanceof Account) ? GranteeType.GT_USER : GranteeType.GT_GROUP;
        checkCheckRightRight(soapCtx, checkedAs, granteeBy, granteeVal, true);
    }

    // ---- evaluate and respond -----------------------------------------------------------
    ViaGrant via = new ViaGrant();
    boolean allowed = RightCommand.checkRight(Provisioning.getInstance(), targetType, targetBy, target, grantee, right, attrs, via);

    Element response = soapCtx.createElement(AdminConstants.CHECK_RIGHT_RESPONSE);
    response.addAttribute(AdminConstants.A_ALLOW, allowed);
    if (!via.available()) {
        return response;
    }

    // The response names the target, grantee and right of the deciding grant.
    Element viaElem = response.addElement(AdminConstants.E_VIA);

    Element viaTargetElem = viaElem.addElement(AdminConstants.E_TARGET);
    viaTargetElem.addAttribute(AdminConstants.A_TYPE, via.getTargetType());
    viaTargetElem.setText(via.getTargetName());

    Element viaGranteeElem = viaElem.addElement(AdminConstants.E_GRANTEE);
    viaGranteeElem.addAttribute(AdminConstants.A_TYPE, via.getGranteeType());
    viaGranteeElem.setText(via.getGranteeName());

    Element viaRightElem = viaElem.addElement(AdminConstants.E_RIGHT);
    viaRightElem.addAttribute(AdminConstants.A_DENY, via.isNegativeGrant());
    viaRightElem.setText(via.getRight());

    return response;
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) GuestAccount(com.zimbra.cs.account.GuestAccount) Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) MailTarget(com.zimbra.cs.account.MailTarget) NamedEntry(com.zimbra.cs.account.NamedEntry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant)

Example 3 with ViaGrant

use of com.zimbra.cs.account.AccessManager.ViaGrant in project zm-mailbox by Zimbra.

the class TestACLNegativeGrant method verify.

/**
 * Asserts that an access decision and its deciding grant come out as expected through each
 * {@code canDo} form used here: grantee as {@link Account}, as an auth token from
 * {@code AuthProvider.getAuthToken}, and as account name.
 *
 * <p>A new {@link ViaGrant} is passed per call when {@code expectedVia} is non-null, otherwise
 * {@code null}; the collected grant is compared with {@code TestViaGrant.verifyEquals}.
 *
 * @param grantee     account whose access is evaluated; may be {@code null}
 * @param target      entry the right is checked on
 * @param right       right being checked
 * @param asAdmin     supplies the admin flag passed to {@code canDo}
 * @param expected    expected allow/deny outcome
 * @param expectedVia expected deciding grant, or {@code null} to skip "via" collection
 * @throws Exception if any access check or assertion helper fails
 */
protected void verify(Account grantee, Entry target, Right right, AsAdmin asAdmin, AllowOrDeny expected, TestViaGrant expectedVia) throws Exception {
    AccessManager am = AccessManager.getInstance();
    boolean allowed;
    ViaGrant collected;

    // Form 1: Account object.
    if (expectedVia == null) {
        collected = null;
    } else {
        collected = new ViaGrant();
    }
    allowed = am.canDo(grantee, target, right, asAdmin.yes(), collected);
    assertEquals(expected.allow(), allowed);
    TestViaGrant.verifyEquals(expectedVia, collected);

    // Form 2: auth token derived from the account.
    if (expectedVia == null) {
        collected = null;
    } else {
        collected = new ViaGrant();
    }
    allowed = am.canDo(grantee != null ? AuthProvider.getAuthToken(grantee) : null, target, right, asAdmin.yes(), collected);
    assertEquals(expected.allow(), allowed);
    TestViaGrant.verifyEquals(expectedVia, collected);

    // Form 3: account name.
    if (expectedVia == null) {
        collected = null;
    } else {
        collected = new ViaGrant();
    }
    String nameOrNull = (grantee != null) ? grantee.getName() : null;
    allowed = am.canDo(nameOrNull, target, right, asAdmin.yes(), collected);

    if (grantee instanceof GuestAccount) {
        GuestAccount guest = (GuestAccount) grantee;
        if (guest.getAccessKey() != null) {
            // Original note: if there is a pub grant, the expected result should hold.
            // For a guest carrying an access key the name-based result is left unasserted,
            // so a wrong allow/deny on this path would not fail the test.
            return;
        }
    }
    assertEquals(expected.allow(), allowed);
    TestViaGrant.verifyEquals(expectedVia, collected);
}
Also used : AccessManager(com.zimbra.cs.account.AccessManager) GuestAccount(com.zimbra.cs.account.GuestAccount) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant) TestViaGrant(com.zimbra.qa.unittest.prov.ldap.ACLTestUtil.TestViaGrant)

Aggregations

ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)3 GuestAccount (com.zimbra.cs.account.GuestAccount)3 Element (com.zimbra.common.soap.Element)1 AccessManager (com.zimbra.cs.account.AccessManager)1 Account (com.zimbra.cs.account.Account)1 MailTarget (com.zimbra.cs.account.MailTarget)1 NamedEntry (com.zimbra.cs.account.NamedEntry)1 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)1 TestViaGrant (com.zimbra.qa.unittest.prov.ldap.ACLTestUtil.TestViaGrant)1 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)1 GranteeBy (com.zimbra.soap.admin.type.GranteeSelector.GranteeBy)1 TargetBy (com.zimbra.soap.type.TargetBy)1