use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class GetAdminConsoleUIComp method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Provisioning prov = Provisioning.getInstance();
GetAdminConsoleUICompRequest req = JaxbUtil.elementToJaxb(request);
AccountSelector accountSel = req.getAccount();
DistributionListSelector dlSel = req.getDl();
Element resp = zsc.createElement(AdminConstants.GET_ADMIN_CONSOLE_UI_COMP_RESPONSE);
if ((null != accountSel) && (null != dlSel)) {
throw ServiceException.INVALID_REQUEST("can only specify eith account or dl", null);
}
Account authedAcct = getAuthenticatedAccount(zsc);
Set<String> added = new HashSet<String>();
GroupMembership aclGroups = null;
if (accountSel != null) {
AccountBy by = accountSel.getBy().toKeyAccountBy();
String key = accountSel.getKey();
Account acct = prov.get(by, key);
AccountHarvestingCheckerUsingCheckRight checker = new AccountHarvestingCheckerUsingCheckRight(zsc, context, Admin.R_viewAccountAdminUI);
if (acct == null) {
defendAgainstAccountHarvestingWhenAbsent(by, key, zsc, checker);
} else {
if (!authedAcct.getId().equals(acct.getId())) {
defendAgainstAccountHarvesting(acct, by, key, zsc, checker);
}
addValues(acct, resp, added, false);
aclGroups = prov.getGroupMembership(acct, true);
}
} else if (dlSel != null) {
Key.DistributionListBy by = dlSel.getBy().toKeyDistributionListBy();
String key = dlSel.getKey();
DistributionList dl = prov.getDLBasic(by, key);
GroupHarvestingCheckerUsingCheckRight checker = new GroupHarvestingCheckerUsingCheckRight(zsc, context, Admin.R_viewDistributionListAdminUI);
if (dl == null) {
defendAgainstGroupHarvestingWhenAbsent(by, key, zsc, checker);
} else {
defendAgainstGroupHarvesting(dl, by, key, zsc, checker);
addValues(dl, resp, added, false);
aclGroups = prov.getGroupMembership(dl, true);
}
} else {
// use the authed account
addValues(authedAcct, resp, added, false);
aclGroups = prov.getGroupMembership(authedAcct, true);
}
if (aclGroups != null) {
for (String groupId : aclGroups.groupIds()) {
DistributionList dl = prov.get(Key.DistributionListBy.id, groupId);
addValues(dl, resp, added, true);
}
}
return resp;
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class GrantPermission method handleACE.
/**
* // orig: FolderAction
*
* @param eACE
* @param zsc
* @param granting true if granting, false if revoking
* @return
* @throws ServiceException
*/
static ZimbraACE handleACE(Element eACE, ZimbraSoapContext zsc, boolean granting) throws ServiceException {
Right right = RightManager.getInstance().getUserRight(eACE.getAttribute(MailConstants.A_RIGHT));
GranteeType gtype = GranteeType.fromCode(eACE.getAttribute(MailConstants.A_GRANT_TYPE));
String zid = eACE.getAttribute(MailConstants.A_ZIMBRA_ID, null);
boolean deny = eACE.getAttributeBool(MailConstants.A_DENY, false);
String secret = null;
NamedEntry nentry = null;
if (gtype == GranteeType.GT_AUTHUSER) {
zid = GuestAccount.GUID_AUTHUSER;
} else if (gtype == GranteeType.GT_PUBLIC) {
zid = GuestAccount.GUID_PUBLIC;
} else if (gtype == GranteeType.GT_GUEST) {
zid = eACE.getAttribute(MailConstants.A_DISPLAY);
if (zid == null || zid.indexOf('@') < 0)
throw ServiceException.INVALID_REQUEST("invalid guest id or password", null);
// make sure they didn't accidentally specify "guest" instead of "usr"
try {
nentry = lookupGranteeByName(zid, GranteeType.GT_USER, zsc);
zid = nentry.getId();
gtype = nentry instanceof DistributionList ? GranteeType.GT_GROUP : GranteeType.GT_USER;
} catch (ServiceException e) {
// this is the normal path, where lookupGranteeByName throws account.NO_SUCH_USER
secret = eACE.getAttribute(MailConstants.A_PASSWORD);
}
} else if (gtype == GranteeType.GT_KEY) {
zid = eACE.getAttribute(MailConstants.A_DISPLAY);
// unlike guest, we do not require the display name to be an email address
/*
if (zid == null || zid.indexOf('@') < 0)
throw ServiceException.INVALID_REQUEST("invalid guest id or key", null);
*/
// unlike guest, we do not fixup grantee type for key grantees if they specify an internal user
// get the optional accesskey
secret = eACE.getAttribute(MailConstants.A_ACCESSKEY, null);
} else if (zid != null) {
nentry = lookupGranteeByZimbraId(zid, gtype, granting);
} else {
nentry = lookupGranteeByName(eACE.getAttribute(MailConstants.A_DISPLAY), gtype, zsc);
zid = nentry.getId();
// make sure they didn't accidentally specify "usr" instead of "grp"
if (gtype == GranteeType.GT_USER && nentry instanceof DistributionList)
gtype = GranteeType.GT_GROUP;
}
RightModifier rightModifier = null;
if (deny)
rightModifier = RightModifier.RM_DENY;
return new ZimbraACE(zid, gtype, right, rightModifier, secret);
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestACLAllEffRights method shapeTest2.
@Test
public void shapeTest2() throws Exception {
/*
* setup
*/
String domainName = genDomainName(baseDomainName());
Domain domain = provUtil.createDomain(domainName);
DistributionList groupA = provUtil.createDistributionList("groupA", domain);
DistributionList groupB = provUtil.createDistributionList("groupB", domain);
DistributionList groupC = provUtil.createDistributionList("groupC", domain);
DistributionList groupD = provUtil.createDistributionList("groupD", domain);
Account A = provUtil.createAccount("A", domain);
Account B = provUtil.createAccount("B", domain);
Account C = provUtil.createAccount("C", domain);
Account D = provUtil.createAccount("D", domain);
groupA.addMembers(new String[] { A.getName(), groupB.getName() });
groupB.addMembers(new String[] { B.getName(), groupC.getName() });
groupC.addMembers(new String[] { C.getName(), groupD.getName() });
groupD.addMembers(new String[] { D.getName() });
/*
* test
*/
Set<DistributionList> groupsWithGrants = new HashSet<DistributionList>();
groupsWithGrants.add(groupA);
groupsWithGrants.add(groupB);
groupsWithGrants.add(groupC);
groupsWithGrants.add(groupD);
Set<GroupShape> accountShapes = new HashSet<GroupShape>();
Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
for (DistributionList group : groupsWithGrants) {
DistributionList dl = prov.get(DistributionListBy.id, group.getId());
AllGroupMembers allMembers = allGroupMembers(dl);
GroupShape.shapeMembers(TargetType.account, accountShapes, allMembers);
GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, allMembers);
GroupShape.shapeMembers(TargetType.dl, distributionListShapes, allMembers);
}
/*
* verify
*/
Set<String> result = new HashSet<String>();
int count = 1;
for (GroupShape shape : accountShapes) {
List<String> elements = new ArrayList<String>();
System.out.println("\n" + count++);
for (String group : shape.getGroups()) {
System.out.println("group " + group);
elements.add("group " + group);
}
for (String member : shape.getMembers()) {
System.out.println(" " + member);
elements.add("member " + member);
}
Collections.sort(elements);
// but it does not affect functionality
if (shape.getMembers().size() > 0) {
result.add(Verify.makeResultStr(elements));
}
}
Set<String> expected = new HashSet<String>();
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "member " + A.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "member " + B.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "group " + groupC.getName(), "member " + C.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "group " + groupC.getName(), "group " + groupD.getName(), "member " + D.getName())));
Verify.verifyEquals(expected, result);
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestACLAllEffRights method disinheritSubGroupModifier.
/*
zmprov cdl dl@test.com
zmprov cdl subdl@test.com
zmprov cdl subsubdl@test.com
zmprov ca da1@test.com test123 zimbraIsDelegatedAdminAccount TRUE
zmprov ca da2@test.com test123 zimbraIsDelegatedAdminAccount TRUE
zmprov ca a_dl@test.com test123
zmprov ca a_subdl@test.com test123
zmprov ca a_subsubdl@test.com test123
zmprov adlm dl@test.com subdl@test.com a_dl@test.com
zmprov adlm subdl@test.com subsubdl@test.com a_subdl@test.com
zmprov adlm subsubdl@test.com a_subsubdl@test.com
zmprov grr dl dl@test.com usr da1@test.com addDistributionListMember
zmprov grr dl dl@test.com usr da1@test.com modifyDistributionList
zmprov grr dl dl@test.com usr da1@test.com modifyAccount
zmprov grr dl dl@test.com usr da1@test.com listAccount
zmprov grr dl dl@test.com usr da2@test.com ^addDistributionListMember
zmprov grr dl dl@test.com usr da2@test.com ^modifyDistributionList
zmprov grr dl dl@test.com usr da2@test.com ^modifyAccount
zmprov grr dl dl@test.com usr da2@test.com ^listAccount
*/
@Test
public void disinheritSubGroupModifier() throws Exception {
/*
* setup
*/
/*
* dl has members:
* subdl
* a_dl
*
* subdl has members:
* subsubdl
* a_subdl
*
* subsubdl has members:
* a_subsubdl
*/
String domainName = genDomainName(baseDomainName());
Domain domain = provUtil.createDomain(domainName);
// groups
DistributionList dl = provUtil.createDistributionList("dl", domain);
DistributionList subdl = provUtil.createDistributionList("subdl", domain);
DistributionList subsubdl = provUtil.createDistributionList("subsubdl", domain);
// users
Account a_dl = provUtil.createAccount("a_dl", domain);
Account a_subdl = provUtil.createAccount("a_subdl", domain);
Account a_subsubdl = provUtil.createAccount("a_subsubdl", domain);
// delegated admins
Account da1 = provUtil.createDelegatedAdmin("da1", domain);
Account da2 = provUtil.createDelegatedAdmin("da2", domain);
dl.addMembers(new String[] { subdl.getName(), a_dl.getName() });
subdl.addMembers(new String[] { subsubdl.getName(), a_subdl.getName() });
subsubdl.addMembers(new String[] { a_subsubdl.getName() });
Right DL_RESET_RIGHT = Admin.R_addDistributionListMember;
Right DL_ATTR_RIGHT = Admin.R_modifyDistributionList;
Right ACCT_PRESET_RIGHT = Admin.R_listAccount;
Right ACCT_ATTR_RIGHT = Admin.R_modifyAccount;
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da1.getName(), null, DL_RESET_RIGHT.getName(), null);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da1.getName(), null, DL_ATTR_RIGHT.getName(), null);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da1.getName(), null, ACCT_PRESET_RIGHT.getName(), null);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da1.getName(), null, ACCT_ATTR_RIGHT.getName(), null);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da2.getName(), null, DL_RESET_RIGHT.getName(), RightModifier.RM_DENY);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da2.getName(), null, DL_ATTR_RIGHT.getName(), RightModifier.RM_DENY);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da2.getName(), null, ACCT_PRESET_RIGHT.getName(), RightModifier.RM_DENY);
RightCommand.grantRight(prov, null, TargetType.dl.getCode(), TargetBy.name, dl.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, da2.getName(), null, ACCT_ATTR_RIGHT.getName(), RightModifier.RM_DENY);
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestACLAllEffRights method shapeTest1.
@Test
public void shapeTest1() throws Exception {
/*
* setup
*/
String domainName = genDomainName(baseDomainName());
Domain domain = provUtil.createDomain(domainName);
DistributionList groupA = provUtil.createDistributionList("groupA", domain);
DistributionList groupB = provUtil.createDistributionList("groupB", domain);
DistributionList groupC = provUtil.createDistributionList("groupC", domain);
DistributionList groupD = provUtil.createDistributionList("groupD", domain);
Account A = provUtil.createAccount("A", domain);
Account B = provUtil.createAccount("B", domain);
Account C = provUtil.createAccount("C", domain);
Account D = provUtil.createAccount("D", domain);
Account AB = provUtil.createAccount("AB", domain);
Account AC = provUtil.createAccount("AC", domain);
Account AD = provUtil.createAccount("AD", domain);
Account BC = provUtil.createAccount("BC", domain);
Account BD = provUtil.createAccount("BD", domain);
Account CD = provUtil.createAccount("CD", domain);
Account ABC = provUtil.createAccount("ABC", domain);
Account ABD = provUtil.createAccount("ABD", domain);
Account ACD = provUtil.createAccount("ACD", domain);
Account BCD = provUtil.createAccount("BCD", domain);
Account ABCD = provUtil.createAccount("ABCD", domain);
groupA.addMembers(new String[] { A.getName(), AB.getName(), AC.getName(), AD.getName(), ABC.getName(), ABD.getName(), ACD.getName(), ABCD.getName() });
groupB.addMembers(new String[] { B.getName(), AB.getName(), BC.getName(), BD.getName(), ABC.getName(), ABD.getName(), BCD.getName(), ABCD.getName() });
groupC.addMembers(new String[] { C.getName(), AC.getName(), BC.getName(), CD.getName(), ABC.getName(), ACD.getName(), BCD.getName(), ABCD.getName() });
groupD.addMembers(new String[] { D.getName(), AD.getName(), BD.getName(), CD.getName(), ABD.getName(), ACD.getName(), BCD.getName(), ABCD.getName() });
/*
* test
*/
Set<DistributionList> groupsWithGrants = new HashSet<DistributionList>();
groupsWithGrants.add(groupA);
groupsWithGrants.add(groupB);
groupsWithGrants.add(groupC);
groupsWithGrants.add(groupD);
Set<GroupShape> accountShapes = new HashSet<GroupShape>();
Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
for (DistributionList group : groupsWithGrants) {
DistributionList dl = prov.get(DistributionListBy.id, group.getId());
AllGroupMembers allMembers = allGroupMembers(dl);
GroupShape.shapeMembers(TargetType.account, accountShapes, allMembers);
GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, allMembers);
GroupShape.shapeMembers(TargetType.dl, distributionListShapes, allMembers);
}
/*
* verify
*/
Set<String> result = new HashSet<String>();
int count = 1;
for (GroupShape shape : accountShapes) {
List<String> elements = new ArrayList<String>();
System.out.println("\n" + count++);
for (String group : shape.getGroups()) {
System.out.println("group " + group);
elements.add("group " + group);
}
for (String member : shape.getMembers()) {
System.out.println(" member" + member);
elements.add("member " + member);
}
Collections.sort(elements);
// but it does not affect functionality
if (shape.getMembers().size() > 0) {
result.add(Verify.makeResultStr(elements));
}
}
Set<String> expected = new HashSet<String>();
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "member " + A.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupB.getName(), "member " + B.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupC.getName(), "member " + C.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupD.getName(), "member " + D.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "member " + AB.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupC.getName(), "member " + AC.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupD.getName(), "member " + AD.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupB.getName(), "group " + groupC.getName(), "member " + BC.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupB.getName(), "group " + groupD.getName(), "member " + BD.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupC.getName(), "group " + groupD.getName(), "member " + CD.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "group " + groupC.getName(), "member " + ABC.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "group " + groupD.getName(), "member " + ABD.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupC.getName(), "group " + groupD.getName(), "member " + ACD.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupB.getName(), "group " + groupC.getName(), "group " + groupD.getName(), "member " + BCD.getName())));
expected.add(Verify.makeResultStr(Lists.newArrayList("group " + groupA.getName(), "group " + groupB.getName(), "group " + groupC.getName(), "group " + groupD.getName(), "member " + ABCD.getName())));
Verify.verifyEquals(expected, result);
}
Aggregations