use of com.zimbra.cs.account.AttributeClass in project zm-mailbox by Zimbra.
the class EphemeralAttributesTest method initEphemeralAttributes.
/**
 * Describes the ephemeral attributes used by the test and adds them to a newly
 * constructed {@link AttributeManager}.
 *
 * <p>Four attributes are declared, all scoped to {@code AttributeClass.account} and all
 * flagged {@code ephemeral}, {@code dynamic} and {@code expirable}: auth tokens, CSRF
 * token data, the last logon timestamp and app-specific passwords. Going by their names,
 * three of them hold authentication material, so the test covers the storage path for
 * session and credential state rather than ordinary profile data.
 *
 * @throws Exception if building an attribute description or registering it fails
 */
private static void initEphemeralAttributes() throws Exception {
    Set<AttributeClass> accountOnly = Sets.newHashSet(AttributeClass.account);
    Set<AttributeFlag> ephemeralFlags =
            Sets.newHashSet(AttributeFlag.ephemeral, AttributeFlag.dynamic, AttributeFlag.expirable);

    // Multi-valued string attributes: one value per issued token.
    AttributeInfo authTokens = new AttributeInfo(Provisioning.A_zimbraAuthTokens, 1, null, 0, null,
            AttributeType.TYPE_ASTRING, null, "", true, null, null, AttributeCardinality.multi,
            accountOnly, null, ephemeralFlags, null, null, null, null, null, "auth tokens", null, null, null);
    AttributeInfo csrfTokenData = new AttributeInfo(Provisioning.A_zimbraCsrfTokenData, 1, null, 0, null,
            AttributeType.TYPE_ASTRING, null, "", true, null, null, AttributeCardinality.multi,
            accountOnly, null, ephemeralFlags, null, null, null, null, null, "csrf tokens", null, null, null);

    // Single-valued attributes.
    AttributeInfo lastLogon = new AttributeInfo(Provisioning.A_zimbraLastLogonTimestamp, 1, null, 0, null,
            AttributeType.TYPE_GENTIME, null, "", true, null, null, AttributeCardinality.single,
            accountOnly, null, ephemeralFlags, null, null, null, null, null, "last logon timestamp", null, null, null);
    AttributeInfo appSpecificPassword = new AttributeInfo(Provisioning.A_zimbraAppSpecificPassword, 1, null, 0, null,
            AttributeType.TYPE_ASTRING, null, "", true, null, null, AttributeCardinality.single,
            accountOnly, null, ephemeralFlags, null, null, null, null, null, "app-specific passwords", null, null, null);

    // NOTE(review): the manager is neither returned nor stored by this method; presumably
    // constructing it or calling addAttribute has a wider registration effect - confirm.
    AttributeManager manager = new AttributeManager();
    AttributeInfo[] registrationOrder = {authTokens, csrfTokenData, lastLogon, appSpecificPassword};
    for (AttributeInfo info : registrationOrder) {
        manager.addAttribute(info);
    }
}
use of com.zimbra.cs.account.AttributeClass in project zm-mailbox by Zimbra.
the class CheckAttrRight method computeAccessibleAttrs.
/**
 * Computes which attributes the grantee may access on the target.
 *
 * <p>The method works in two phases. The collecting phase walks the ACEs on the target
 * itself and then on every entry returned by the target iterator, passing them to
 * {@code checkTarget} together with a "relativity" value that starts at 1 and grows by 2
 * for each target that is checked. The computing phase turns the collected result into an
 * {@code AllowedAttrs}: an ALLOW_ALL or DENY_ALL outcome is delegated to
 * {@code processAllowAll} / {@code processDenyAll}; otherwise attributes present in both
 * maps are resolved by relativity, and an attribute stays allowed only if its allow entry
 * has a strictly smaller relativity than its deny entry.
 *
 * <p>Security-relevant defaults visible here: a missing grantee yields DENY_ALL_ATTRS, and
 * an allow/deny tie at the same relativity resolves to deny.
 *
 * @return the attributes the grantee is allowed to access
 * @throws ServiceException if a lookup made while collecting grants fails
 */
private AllowedAttrs computeAccessibleAttrs() throws ServiceException {
// Fail closed: with no grantee there is nothing to evaluate, so deny every attribute.
if (mGrantee == null) {
return AllowedAttrs.DENY_ALL_ATTRS();
}
// Attribute name -> relativity. Both maps are handed to checkTarget, which is expected
// to record the attributes it finds allowed or denied.
Map<String, Integer> allowSome = new HashMap<String, Integer>();
Map<String, Integer> denySome = new HashMap<String, Integer>();
Integer relativity = Integer.valueOf(1);
// We iterate through all the targets from which grants can be inherited
// by the perspective target. More specific targets are visited before
// less specific targets. For each target, there are two "ranks" of
// grantee types: individual and group. Therefore, each time we
// visit the next target, we bump up the relativity by 2.
int granteeRanksPerTarget = 2;
//
// collecting phase
//
CollectAttrsResult car = CollectAttrsResult.SOME;
// check the target entry itself
List<ZimbraACE> acl = ACLUtil.getAllACEs(mTarget);
if (acl != null) {
car = checkTarget(acl, relativity, false, allowSome, denySome);
relativity += granteeRanksPerTarget;
}
//
// If the target is a domain-ed entry, get the domain of the target.
// It is needed for checking the cross domain right.
//
Domain targetDomain = TargetType.getTargetDomain(mProv, mTarget);
// Only walk inherited grants while the result is still partial; car.isAll() ends the search.
if (!car.isAll()) {
// check grants granted on entries from which the target entry can inherit
boolean expandTargetGroups = CheckRight.allowGroupTarget(mRightNeeded);
TargetIterator iter = TargetIterator.getTargetIeterator(mProv, mTarget, expandTargetGroups);
Entry grantedOn;
GroupACLs groupACLs = null;
while ((grantedOn = iter.next()) != null && (!car.isAll())) {
acl = ACLUtil.getAllACEs(grantedOn);
if (grantedOn instanceof Group) {
// a group target without ACEs contributes nothing
if (acl == null)
continue;
boolean skipPositiveGrants = false;
// members in the group can be in different domains, no point checking it.
// For an account grantee, positive grants on this group are skipped when the
// cross-domain check fails.
if (mGrantee.isAccount()) {
skipPositiveGrants = !CrossDomain.crossDomainOK(mProv, mGrantee.getAccount(), mGrantee.getDomain(), targetDomain, (Group) grantedOn);
}
// don't check yet, collect all acls on all target groups
if (groupACLs == null) {
groupACLs = new GroupACLs(mTarget);
}
groupACLs.collectACL((Group) grantedOn, skipPositiveGrants);
} else {
// First non-group target after a run of group targets: evaluate the ACLs collected
// from all of those groups as a single target, at one relativity.
// We put denied in the front, so it is consistent with ZimbraACL.getAllACEs
if (groupACLs != null) {
List<ZimbraACE> aclsOnGroupTargets = groupACLs.getAllACLs();
if (aclsOnGroupTargets != null) {
car = checkTarget(aclsOnGroupTargets, relativity, false, allowSome, denySome);
relativity += granteeRanksPerTarget;
if (car.isAll())
break;
// else continue with the next target
}
// set groupACLs to null, we are done with group targets
groupACLs = null;
}
if (acl == null)
continue;
// subDomain is true when the target is a domain and the grant sits on a Domain entry
boolean subDomain = (mTargetType == TargetType.domain && (grantedOn instanceof Domain));
car = checkTarget(acl, relativity, subDomain, allowSome, denySome);
relativity += granteeRanksPerTarget;
}
}
// NOTE(review): if the iterator is exhausted while groupACLs is still non-null, the
// collected group ACLs are never passed to checkTarget in this method. Presumably the
// iterator always ends with a non-group entry - confirm, since skipped ACEs could
// include denies.
}
// log collecting phase result (attribute names and relativities, debug level only)
if (sLog.isDebugEnabled()) {
StringBuilder sb = new StringBuilder();
sb.append("Allowed: {");
for (Map.Entry<String, Integer> as : allowSome.entrySet()) {
sb.append("(" + as.getKey() + ", " + as.getValue() + ")");
}
sb.append("}");
sb.append(" Denied: {");
for (Map.Entry<String, Integer> ds : denySome.entrySet()) {
sb.append("(" + ds.getKey() + ", " + ds.getValue() + ")");
}
sb.append("}");
// SOME with both maps empty means nothing was granted; log it as NONE for readability.
// The value SOME itself is correct function-wise.
if (car == CollectAttrsResult.SOME && allowSome.isEmpty() && denySome.isEmpty()) {
sLog.debug("accessibleAttrs: NONE");
} else {
sLog.debug("accessibleAttrs: " + car.name() + ". " + sb.toString());
}
}
//
// computing phase
//
AllowedAttrs result;
AttributeClass klass = TargetType.getAttributeClass(mTarget);
if (car == CollectAttrsResult.ALLOW_ALL)
result = processAllowAll(allowSome, denySome, klass);
else if (car == CollectAttrsResult.DENY_ALL)
result = processDenyAll(allowSome, denySome, klass);
else {
// now allowSome and denySome contain attrs allowed/denied and their shortest distance
// to the target, remove denied ones from allowed if they've got a shorter distance.
// The comparison is <=, so a deny at the same distance as an allow also wins.
Set<String> conflicts = SetUtil.intersect(allowSome.keySet(), denySome.keySet());
if (!conflicts.isEmpty()) {
for (String attr : conflicts) {
if (denySome.get(attr) <= allowSome.get(attr))
allowSome.remove(attr);
}
}
result = AllowedAttrs.ALLOW_SOME_ATTRS(allowSome.keySet());
}
// computeCanDo(result, target, rightNeeded, attrs);
return result;
}
use of com.zimbra.cs.account.AttributeClass in project zm-mailbox by Zimbra.
the class GetAttributeInfo method handle.
/**
 * Answers a GetAttributeInfo request by encoding attribute descriptions into the response.
 *
 * <p>The request may name attributes ({@code AdminConstants.A_ATTRS}) or entry types
 * ({@code AdminConstants.A_ENTRY_TYPES}), each as a comma-separated list, but not both.
 * With neither present, every attribute of every {@link AttributeClass} is returned.
 *
 * <p>NOTE(review): no right check on the caller is visible in this method; presumably the
 * handler framework limits who can reach it - confirm. Request-supplied names are only
 * trimmed here, so rejecting unknown names is left to {@code encodeAttr} and
 * {@code AttributeClass.fromString}.
 *
 * @param request the SOAP request element
 * @param context the request context used to obtain the SOAP context
 * @return the populated response element
 * @throws ServiceException if both selectors are given, or if a lookup or encoding step fails
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext soapContext = getZimbraSoapContext(context);

    String rawAttrs = request.getAttribute(AdminConstants.A_ATTRS, null);
    String[] attrs = (rawAttrs == null) ? null : rawAttrs.split(",");

    String rawEntryTypes = request.getAttribute(AdminConstants.A_ENTRY_TYPES, null);
    String[] entryTypes = (rawEntryTypes == null) ? null : rawEntryTypes.split(",");

    // The two selectors are mutually exclusive.
    if (attrs != null && entryTypes != null) {
        throw ServiceException.INVALID_REQUEST("only one of " + AdminConstants.A_ATTRS + " or " + AdminConstants.A_ENTRY_TYPES + " can be specified", null);
    }

    AttributeManager attrMgr = AttributeManager.getInstance();
    Element response = soapContext.createElement(AdminConstants.GET_ATTRIBUTE_INFO_RESPONSE);

    if (attrs != null) {
        // Explicit attribute list: encode in the order requested.
        for (String requested : attrs) {
            encodeAttr(response, attrMgr, requested.trim());
        }
        return response;
    }

    if (entryTypes != null) {
        // Per entry type: encode that class's attributes in sorted order.
        for (String typeName : entryTypes) {
            AttributeClass attrClass = AttributeClass.fromString(typeName.trim());
            TreeSet<String> sortedAttrs = new TreeSet<String>(attrMgr.getAllAttrsInClass(attrClass));
            for (String attrName : sortedAttrs) {
                encodeAttr(response, attrMgr, attrName);
            }
        }
        return response;
    }

    // No selector. AttributeManager.getAllAttrs() only contains attrs with AttributeInfo,
    // not extension attrs, whereas the per-class sets do include extension attrs, so the
    // union of the per-class sets is used instead.
    TreeSet<String> everyAttr = new TreeSet<String>();
    for (AttributeClass attrClass : AttributeClass.values()) {
        everyAttr.addAll(attrMgr.getAllAttrsInClass(attrClass));
    }
    for (String attrName : everyAttr) {
        encodeAttr(response, attrMgr, attrName);
    }
    return response;
}
use of com.zimbra.cs.account.AttributeClass in project zm-mailbox by Zimbra.
the class CreateDataSource method handle.
/**
 * Creates a data source on the account named in the request and returns it encoded in
 * the response.
 *
 * <p>Authorization visible here: the caller must pass {@code checkAdminLoginAsRight} for
 * the account, and a domain-admin-only caller additionally has the submitted attributes
 * checked with {@code checkModifyAttrs}.
 *
 * @param request the SOAP request; carries the account id and the data source element
 * @param context the request context used to obtain the SOAP context
 * @return the response element containing the created data source
 * @throws ServiceException if the account does not exist, a right check fails, or creation fails
 * @throws SoapFaultException declared by the handler signature
 */
public Element handle(Element request, Map<String, Object> context) throws ServiceException, SoapFaultException {
    ZimbraSoapContext soapContext = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    String accountId = request.getAttribute(AdminConstants.E_ID);
    Account account = prov.get(AccountBy.id, accountId, soapContext.getAuthToken());
    // NOTE(review): a missing account is reported as NO_SUCH_ACCOUNT before the
    // adminLoginAs right is evaluated, so a caller with no rights on the account can
    // tell existing ids from non-existing ones. ModifyDataSource.handle routes the same
    // lookup through defendAgainstAccountOrCalendarResourceHarvesting(...); consider
    // doing the same here if that helper is available to this class.
    if (account == null) {
        throw AccountServiceException.NO_SUCH_ACCOUNT(accountId);
    }
    checkAdminLoginAsRight(soapContext, prov, account);

    Element dataSourceElem = request.getElement(AccountConstants.E_DATA_SOURCE);
    Map<String, Object> attrs = AdminService.getAttrs(dataSourceElem);
    String requestedType = dataSourceElem.getAttribute(AccountConstants.A_TYPE);
    DataSourceType type = DataSourceType.fromString(requestedType);

    // Note: isDomainAdminOnly *always* returns false for pure ACL based AccessManager,
    // in which case the request attributes get no per-attribute check in this method.
    if (isDomainAdminOnly(soapContext)) {
        // This check does not fit cleanly into the AdminDocumentHandler methods,
        // so it is performed separately here.
        AttributeClass attrClass = ModifyDataSource.getAttributeClassFromType(type);
        checkModifyAttrs(soapContext, attrClass, attrs);
    }

    String dataSourceName = dataSourceElem.getAttribute(AccountConstants.A_NAME);
    DataSource created = Provisioning.getInstance().createDataSource(account, type, dataSourceName, attrs);

    Element response = soapContext.createElement(AdminConstants.CREATE_DATA_SOURCE_RESPONSE);
    com.zimbra.cs.service.account.ToXML.encodeDataSource(response, created);
    return response;
}
use of com.zimbra.cs.account.AttributeClass in project zm-mailbox by Zimbra.
the class ModifyDataSource method handle.
/**
 * Modifies an existing data source on the account named in the request.
 *
 * <p>The account lookup result is passed to
 * {@code defendAgainstAccountOrCalendarResourceHarvesting} together with the
 * adminLoginAs / adminLoginCalendarResourceAs rights before anything else is done with it.
 * NOTE(review): presumably that helper rejects a missing account and a caller lacking the
 * rights in a way the caller cannot tell apart - confirm against its implementation.
 *
 * @param request the SOAP request, converted to a {@code ModifyDataSourceRequest}
 * @param context the request context used to obtain the SOAP context
 * @return an empty MODIFY_DATA_SOURCE_RESPONSE element
 * @throws ServiceException if the id is missing, the data source is not found, a right
 *         check fails, or the modification fails
 * @throws SoapFaultException declared by the handler signature
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException, SoapFaultException {
    ZimbraSoapContext soapContext = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();
    ModifyDataSourceRequest req = soapContext.elementToJaxb(request);

    String accountId = req.getId();
    if (accountId == null) {
        throw ServiceException.INVALID_REQUEST("missing required attribute: " + AdminConstants.E_ID, null);
    }

    Account account = prov.get(AccountBy.id, accountId, soapContext.getAuthToken());
    defendAgainstAccountOrCalendarResourceHarvesting(account, AccountBy.id, accountId, soapContext, Admin.R_adminLoginAs, Admin.R_adminLoginCalendarResourceAs);

    DataSourceInfo requested = req.getDataSource();
    Map<String, Object> attrs = requested.getAttrsAsOldMultimap();
    String dataSourceId = requested.getId();

    // The data source is resolved within the already-authorized account.
    DataSource existing = prov.get(account, Key.DataSourceBy.id, dataSourceId);
    if (existing == null) {
        throw ServiceException.INVALID_REQUEST("Cannot find data source with id=" + dataSourceId, null);
    }
    // The type comes from the stored data source, not from the request.
    DataSourceType type = existing.getType();

    // Note: isDomainAdminOnly *always* returns false for pure ACL based AccessManager,
    // in which case the request attributes get no per-attribute check in this method.
    if (isDomainAdminOnly(soapContext)) {
        // This check does not fit into the AdminDocumentHandler methods,
        // so it is performed separately here.
        AttributeClass attrClass = ModifyDataSource.getAttributeClassFromType(type);
        checkModifyAttrs(soapContext, attrClass, attrs);
    }

    ZimbraLog.addDataSourceNameToContext(existing.getName());
    prov.modifyDataSource(account, dataSourceId, attrs);

    return soapContext.createElement(AdminConstants.MODIFY_DATA_SOURCE_RESPONSE);
}