
Example 66 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class GetAdminConsoleUIComp method handle.

/**
 * Builds the GetAdminConsoleUIComp response for one of three targets: the account named by the
 * request's account selector, the distribution list named by its dl selector, or, when neither
 * selector is present, the authenticated account.
 *
 * <p>Values are added for the target itself (inherited flag {@code false}) and then for every
 * group id reported by {@code prov.getGroupMembership(target, true)} (inherited flag
 * {@code true}).
 *
 * <p>Security: a lookup of any account other than the caller's own, and every distribution-list
 * lookup, is routed through the {@code defendAgainst*Harvesting*} helpers on both the found and
 * the not-found path, with a checker built for {@code Admin.R_viewAccountAdminUI} or
 * {@code Admin.R_viewDistributionListAdminUI}. Those helpers are not shown here; presumably they
 * throw so that a caller without the right cannot tell an existing entry from a missing one.
 * Confirm against their definitions before changing the order of these calls.
 *
 * @param request the SOAP request element, converted with {@code JaxbUtil.elementToJaxb}
 * @param context the request context the SOAP context is taken from
 * @return the response element created from
 *         {@code AdminConstants.GET_ADMIN_CONSOLE_UI_COMP_RESPONSE}
 * @throws ServiceException {@code INVALID_REQUEST} when both an account and a dl selector are
 *         given; otherwise whatever the provisioning and harvesting helpers raise
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext soapCtx = getZimbraSoapContext(context);
    Provisioning provisioning = Provisioning.getInstance();
    GetAdminConsoleUICompRequest parsed = JaxbUtil.elementToJaxb(request);
    AccountSelector accountSelector = parsed.getAccount();
    DistributionListSelector dlSelector = parsed.getDl();
    Element response = soapCtx.createElement(AdminConstants.GET_ADMIN_CONSOLE_UI_COMP_RESPONSE);

    boolean hasAccount = accountSelector != null;
    boolean hasDl = dlSelector != null;
    if (hasAccount && hasDl) {
        throw ServiceException.INVALID_REQUEST("can only specify eith account or dl", null);
    }

    Account caller = getAuthenticatedAccount(soapCtx);
    Set<String> seen = new HashSet<String>();
    GroupMembership membership = null;

    if (hasAccount) {
        AccountBy lookupBy = accountSelector.getBy().toKeyAccountBy();
        String lookupKey = accountSelector.getKey();
        Account target = provisioning.get(lookupBy, lookupKey);
        AccountHarvestingCheckerUsingCheckRight rightChecker =
                new AccountHarvestingCheckerUsingCheckRight(soapCtx, context, Admin.R_viewAccountAdminUI);
        if (target != null) {
            // Looking up one's own account skips the harvesting defence; any other account
            // goes through it before values are added to the response.
            boolean isSelf = caller.getId().equals(target.getId());
            if (!isSelf) {
                defendAgainstAccountHarvesting(target, lookupBy, lookupKey, soapCtx, rightChecker);
            }
            addValues(target, response, seen, false);
            membership = provisioning.getGroupMembership(target, true);
        } else {
            // Not-found path: membership stays null, so if the helper returns normally
            // the response carries no values.
            defendAgainstAccountHarvestingWhenAbsent(lookupBy, lookupKey, soapCtx, rightChecker);
        }
    } else if (hasDl) {
        Key.DistributionListBy lookupBy = dlSelector.getBy().toKeyDistributionListBy();
        String lookupKey = dlSelector.getKey();
        DistributionList target = provisioning.getDLBasic(lookupBy, lookupKey);
        GroupHarvestingCheckerUsingCheckRight rightChecker =
                new GroupHarvestingCheckerUsingCheckRight(soapCtx, context, Admin.R_viewDistributionListAdminUI);
        if (target != null) {
            // Unlike the account branch there is no "self" shortcut: every dl lookup is checked.
            defendAgainstGroupHarvesting(target, lookupBy, lookupKey, soapCtx, rightChecker);
            addValues(target, response, seen, false);
            membership = provisioning.getGroupMembership(target, true);
        } else {
            defendAgainstGroupHarvestingWhenAbsent(lookupBy, lookupKey, soapCtx, rightChecker);
        }
    } else {
        // No selector at all: report on the authenticated account.
        addValues(caller, response, seen, false);
        membership = provisioning.getGroupMembership(caller, true);
    }

    if (membership == null) {
        return response;
    }
    for (String groupId : membership.groupIds()) {
        // NOTE(review): the lookup result is handed to addValues without a null check. Whether
        // addValues tolerates null (e.g. a group id that no longer resolves to a distribution
        // list) is not visible here; confirm.
        DistributionList inheritedFrom = provisioning.get(Key.DistributionListBy.id, groupId);
        addValues(inheritedFrom, response, seen, true);
    }
    return response;
}
Also used : Account(com.zimbra.cs.account.Account) Element(com.zimbra.common.soap.Element) AccountSelector(com.zimbra.soap.type.AccountSelector) GroupMembership(com.zimbra.cs.account.Provisioning.GroupMembership) DistributionListSelector(com.zimbra.soap.admin.type.DistributionListSelector) Provisioning(com.zimbra.cs.account.Provisioning) AccountBy(com.zimbra.common.account.Key.AccountBy) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GetAdminConsoleUICompRequest(com.zimbra.soap.admin.message.GetAdminConsoleUICompRequest) HashSet(java.util.HashSet) DistributionList(com.zimbra.cs.account.DistributionList)

Example 67 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class GrantPermission method handleACE.

/**
 * Turns one ACE element of a grant/revoke request into a {@link ZimbraACE}.
 *
 * <p>The original comment marks this as taken from FolderAction ("orig: FolderAction").
 *
 * <p>How the grantee id and secret are resolved depends on the grantee type:
 * <ul>
 *   <li>authuser / public: the id is the fixed {@code GuestAccount} GUID for that type;</li>
 *   <li>guest: the display attribute must contain {@code '@'}; if it resolves to an internal
 *       entry the grant is rewritten as a user or group grant, otherwise the password
 *       attribute becomes the secret;</li>
 *   <li>key: the display attribute is the id and the optional access key is the secret;</li>
 *   <li>anything else: resolved by zimbra id when one is supplied, else by display name, with
 *       a user grant that names a distribution list rewritten as a group grant.</li>
 * </ul>
 *
 * @param eACE the ACE element whose attributes are read
 * @param zsc the SOAP context, passed through to the by-name lookup
 * @param granting true if granting, false if revoking; only forwarded to the by-id lookup
 * @return a new ACE built from the resolved id, grantee type, right, deny modifier and secret
 * @throws ServiceException {@code INVALID_REQUEST} for a guest display value without
 *         {@code '@'}; otherwise whatever the attribute reads and lookups raise
 */
static ZimbraACE handleACE(Element eACE, ZimbraSoapContext zsc, boolean granting) throws ServiceException {
    Right right = RightManager.getInstance().getUserRight(eACE.getAttribute(MailConstants.A_RIGHT));
    GranteeType granteeType = GranteeType.fromCode(eACE.getAttribute(MailConstants.A_GRANT_TYPE));
    String granteeId = eACE.getAttribute(MailConstants.A_ZIMBRA_ID, null);
    boolean deny = eACE.getAttributeBool(MailConstants.A_DENY, false);
    String secret = null;

    if (granteeType == GranteeType.GT_AUTHUSER) {
        granteeId = GuestAccount.GUID_AUTHUSER;
    } else if (granteeType == GranteeType.GT_PUBLIC) {
        granteeId = GuestAccount.GUID_PUBLIC;
    } else if (granteeType == GranteeType.GT_GUEST) {
        granteeId = eACE.getAttribute(MailConstants.A_DISPLAY);
        boolean looksLikeAddress = granteeId != null && granteeId.indexOf('@') >= 0;
        if (!looksLikeAddress) {
            throw ServiceException.INVALID_REQUEST("invalid guest id or password", null);
        }
        // The caller may have said "guest" for what is really an internal user or group;
        // if the address resolves internally, rewrite the grant accordingly.
        try {
            NamedEntry internal = lookupGranteeByName(granteeId, GranteeType.GT_USER, zsc);
            granteeId = internal.getId();
            if (internal instanceof DistributionList) {
                granteeType = GranteeType.GT_GROUP;
            } else {
                granteeType = GranteeType.GT_USER;
            }
        } catch (ServiceException notInternal) {
            // Expected path per the original comment: the lookup throws account.NO_SUCH_USER
            // and the grantee stays a guest with the supplied password.
            // NOTE(review): every ServiceException lands here, not only "no such user". If the
            // lookup can fail for another reason, an internal address would be recorded as a
            // password-protected guest grant; consider checking the exception code. Confirm
            // against lookupGranteeByName, which is not shown.
            secret = eACE.getAttribute(MailConstants.A_PASSWORD);
        }
    } else if (granteeType == GranteeType.GT_KEY) {
        // Unlike guest: the display name need not be an email address, and the grantee type
        // is not fixed up when it names an internal user.
        granteeId = eACE.getAttribute(MailConstants.A_DISPLAY);
        // The access key is optional.
        secret = eACE.getAttribute(MailConstants.A_ACCESSKEY, null);
    } else if (granteeId != null) {
        // Return value is not used further; the call is kept for whatever the by-id lookup
        // does or throws (helper not shown).
        lookupGranteeByZimbraId(granteeId, granteeType, granting);
    } else {
        NamedEntry named = lookupGranteeByName(eACE.getAttribute(MailConstants.A_DISPLAY), granteeType, zsc);
        granteeId = named.getId();
        // The caller may have said "usr" for what is really a group.
        if (granteeType == GranteeType.GT_USER && named instanceof DistributionList) {
            granteeType = GranteeType.GT_GROUP;
        }
    }

    RightModifier rightModifier = deny ? RightModifier.RM_DENY : null;
    // The secret (guest password or access key) is handed to ZimbraACE exactly as received.
    return new ZimbraACE(granteeId, granteeType, right, rightModifier, secret);
}
Also used : ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) NamedEntry(com.zimbra.cs.account.NamedEntry) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) Right(com.zimbra.cs.account.accesscontrol.Right) RightModifier(com.zimbra.cs.account.accesscontrol.RightModifier) DistributionList(com.zimbra.cs.account.DistributionList)

Example 68 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestACLAllEffRights method shapeTest2.

/**
 * Group-shape test over a nested chain: groupA contains groupB, groupB contains groupC,
 * groupC contains groupD, and each group has one direct account member (A, B, C, D).
 *
 * <p>Expected account shapes: A under groupA only; B under groupA+groupB; C under
 * groupA+groupB+groupC; D under all four groups.
 */
@Test
public void shapeTest2() throws Exception {
    // ---- setup ----
    Domain domain = provUtil.createDomain(genDomainName(baseDomainName()));

    DistributionList groupA = provUtil.createDistributionList("groupA", domain);
    DistributionList groupB = provUtil.createDistributionList("groupB", domain);
    DistributionList groupC = provUtil.createDistributionList("groupC", domain);
    DistributionList groupD = provUtil.createDistributionList("groupD", domain);

    Account acctA = provUtil.createAccount("A", domain);
    Account acctB = provUtil.createAccount("B", domain);
    Account acctC = provUtil.createAccount("C", domain);
    Account acctD = provUtil.createAccount("D", domain);

    // Each group holds its own account plus the next group down the chain.
    groupA.addMembers(new String[] { acctA.getName(), groupB.getName() });
    groupB.addMembers(new String[] { acctB.getName(), groupC.getName() });
    groupC.addMembers(new String[] { acctC.getName(), groupD.getName() });
    groupD.addMembers(new String[] { acctD.getName() });

    // ---- test ----
    Set<DistributionList> groupsWithGrants = new HashSet<DistributionList>();
    Collections.addAll(groupsWithGrants, groupA, groupB, groupC, groupD);

    Set<GroupShape> accountShapes = new HashSet<GroupShape>();
    Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
    Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
    for (DistributionList grantedGroup : groupsWithGrants) {
        // Re-read the group by id before expanding its members.
        DistributionList reloaded = prov.get(DistributionListBy.id, grantedGroup.getId());
        AllGroupMembers expanded = allGroupMembers(reloaded);
        GroupShape.shapeMembers(TargetType.account, accountShapes, expanded);
        GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, expanded);
        GroupShape.shapeMembers(TargetType.dl, distributionListShapes, expanded);
    }

    // ---- verify ----
    Set<String> result = new HashSet<String>();
    int shapeNo = 0;
    for (GroupShape shape : accountShapes) {
        shapeNo++;
        System.out.println("\n" + shapeNo);

        List<String> elements = new ArrayList<String>();
        for (String group : shape.getGroups()) {
            String groupLabel = "group " + group;
            System.out.println(groupLabel);
            elements.add(groupLabel);
        }
        for (String member : shape.getMembers()) {
            System.out.println("    " + member);
            elements.add("member " + member);
        }
        Collections.sort(elements);

        // Shapes without members are left out of the comparison; the original comment here
        // (apparently truncated) says such shapes do not affect functionality.
        if (shape.getMembers().size() > 0) {
            result.add(Verify.makeResultStr(elements));
        }
    }

    String labelA = "group " + groupA.getName();
    String labelB = "group " + groupB.getName();
    String labelC = "group " + groupC.getName();
    String labelD = "group " + groupD.getName();

    Set<String> expected = new HashSet<String>();
    expected.add(Verify.makeResultStr(Lists.newArrayList(
            labelA, "member " + acctA.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(
            labelA, labelB, "member " + acctB.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(
            labelA, labelB, labelC, "member " + acctC.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(
            labelA, labelB, labelC, labelD, "member " + acctD.getName())));

    Verify.verifyEquals(expected, result);
}
Also used : Account(com.zimbra.cs.account.Account) ArrayList(java.util.ArrayList) AllGroupMembers(com.zimbra.cs.account.accesscontrol.CollectAllEffectiveRights.AllGroupMembers) GroupShape(com.zimbra.cs.account.accesscontrol.CollectAllEffectiveRights.GroupShape) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 69 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestACLAllEffRights method disinheritSubGroupModifier.

/*
    zmprov cdl dl@test.com
    zmprov cdl subdl@test.com
    zmprov cdl subsubdl@test.com

    zmprov ca da1@test.com test123 zimbraIsDelegatedAdminAccount TRUE
    zmprov ca da2@test.com test123 zimbraIsDelegatedAdminAccount TRUE

    zmprov ca a_dl@test.com test123
    zmprov ca a_subdl@test.com test123
    zmprov ca a_subsubdl@test.com test123

    zmprov adlm dl@test.com subdl@test.com a_dl@test.com
    zmprov adlm subdl@test.com subsubdl@test.com a_subdl@test.com
    zmprov adlm subsubdl@test.com a_subsubdl@test.com

    zmprov grr dl dl@test.com usr da1@test.com addDistributionListMember
    zmprov grr dl dl@test.com usr da1@test.com modifyDistributionList
    zmprov grr dl dl@test.com usr da1@test.com modifyAccount
    zmprov grr dl dl@test.com usr da1@test.com listAccount

    zmprov grr dl dl@test.com usr da2@test.com ^addDistributionListMember
    zmprov grr dl dl@test.com usr da2@test.com ^modifyDistributionList
    zmprov grr dl dl@test.com usr da2@test.com ^modifyAccount
    zmprov grr dl dl@test.com usr da2@test.com ^listAccount
     */
/**
 * Builds a three-level group hierarchy with two delegated admins, then grants four rights on
 * the top-level group to da1 and the same four rights, with the deny modifier, to da2.
 *
 * <p>Hierarchy:
 * <pre>
 *   dl        members: subdl, a_dl
 *   subdl     members: subsubdl, a_subdl
 *   subsubdl  members: a_subsubdl
 * </pre>
 *
 * <p>As shown, the method ends after the grants: it sets up the fixture and contains no
 * verification step.
 */
@Test
public void disinheritSubGroupModifier() throws Exception {
    // ---- setup ----
    Domain domain = provUtil.createDomain(genDomainName(baseDomainName()));

    // groups
    DistributionList dl = provUtil.createDistributionList("dl", domain);
    DistributionList subdl = provUtil.createDistributionList("subdl", domain);
    DistributionList subsubdl = provUtil.createDistributionList("subsubdl", domain);

    // users
    Account a_dl = provUtil.createAccount("a_dl", domain);
    Account a_subdl = provUtil.createAccount("a_subdl", domain);
    Account a_subsubdl = provUtil.createAccount("a_subsubdl", domain);

    // delegated admins
    Account da1 = provUtil.createDelegatedAdmin("da1", domain);
    Account da2 = provUtil.createDelegatedAdmin("da2", domain);

    dl.addMembers(new String[] { subdl.getName(), a_dl.getName() });
    subdl.addMembers(new String[] { subsubdl.getName(), a_subdl.getName() });
    subsubdl.addMembers(new String[] { a_subsubdl.getName() });

    // Two distribution-list rights and two account rights, in the order they are granted.
    Right[] rightsOnDl = {
        Admin.R_addDistributionListMember,
        Admin.R_modifyDistributionList,
        Admin.R_listAccount,
        Admin.R_modifyAccount
    };

    // da1: plain grants on dl (no modifier).
    for (Right right : rightsOnDl) {
        RightCommand.grantRight(prov, null,
                TargetType.dl.getCode(), TargetBy.name, dl.getName(),
                GranteeType.GT_USER.getCode(), GranteeBy.name, da1.getName(), null,
                right.getName(), null);
    }

    // da2: the same rights on dl, each with the deny modifier.
    for (Right right : rightsOnDl) {
        RightCommand.grantRight(prov, null,
                TargetType.dl.getCode(), TargetBy.name, dl.getName(),
                GranteeType.GT_USER.getCode(), GranteeBy.name, da2.getName(), null,
                right.getName(), RightModifier.RM_DENY);
    }
}
Also used : Account(com.zimbra.cs.account.Account) Right(com.zimbra.cs.account.accesscontrol.Right) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList) Test(org.junit.Test)

Example 70 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestACLAllEffRights method shapeTest1.

/**
 * Group-shape test over four flat groups (groupA..groupD) and fifteen accounts, one for every
 * non-empty combination of the four groups. Each account's name spells out the groups it
 * belongs to (for example "ABD" is a member of groupA, groupB and groupD).
 *
 * <p>Expected account shapes: one per account, listing exactly the groups in its name.
 */
@Test
public void shapeTest1() throws Exception {
    // ---- setup ----
    Domain domain = provUtil.createDomain(genDomainName(baseDomainName()));

    DistributionList groupA = provUtil.createDistributionList("groupA", domain);
    DistributionList groupB = provUtil.createDistributionList("groupB", domain);
    DistributionList groupC = provUtil.createDistributionList("groupC", domain);
    DistributionList groupD = provUtil.createDistributionList("groupD", domain);

    Account acctA = provUtil.createAccount("A", domain);
    Account acctB = provUtil.createAccount("B", domain);
    Account acctC = provUtil.createAccount("C", domain);
    Account acctD = provUtil.createAccount("D", domain);
    Account acctAB = provUtil.createAccount("AB", domain);
    Account acctAC = provUtil.createAccount("AC", domain);
    Account acctAD = provUtil.createAccount("AD", domain);
    Account acctBC = provUtil.createAccount("BC", domain);
    Account acctBD = provUtil.createAccount("BD", domain);
    Account acctCD = provUtil.createAccount("CD", domain);
    Account acctABC = provUtil.createAccount("ABC", domain);
    Account acctABD = provUtil.createAccount("ABD", domain);
    Account acctACD = provUtil.createAccount("ACD", domain);
    Account acctBCD = provUtil.createAccount("BCD", domain);
    Account acctABCD = provUtil.createAccount("ABCD", domain);

    groupA.addMembers(new String[] {
        acctA.getName(), acctAB.getName(), acctAC.getName(), acctAD.getName(),
        acctABC.getName(), acctABD.getName(), acctACD.getName(), acctABCD.getName()
    });
    groupB.addMembers(new String[] {
        acctB.getName(), acctAB.getName(), acctBC.getName(), acctBD.getName(),
        acctABC.getName(), acctABD.getName(), acctBCD.getName(), acctABCD.getName()
    });
    groupC.addMembers(new String[] {
        acctC.getName(), acctAC.getName(), acctBC.getName(), acctCD.getName(),
        acctABC.getName(), acctACD.getName(), acctBCD.getName(), acctABCD.getName()
    });
    groupD.addMembers(new String[] {
        acctD.getName(), acctAD.getName(), acctBD.getName(), acctCD.getName(),
        acctABD.getName(), acctACD.getName(), acctBCD.getName(), acctABCD.getName()
    });

    // ---- test ----
    Set<DistributionList> groupsWithGrants = new HashSet<DistributionList>();
    Collections.addAll(groupsWithGrants, groupA, groupB, groupC, groupD);

    Set<GroupShape> accountShapes = new HashSet<GroupShape>();
    Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
    Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
    for (DistributionList grantedGroup : groupsWithGrants) {
        // Re-read the group by id before expanding its members.
        DistributionList reloaded = prov.get(DistributionListBy.id, grantedGroup.getId());
        AllGroupMembers expanded = allGroupMembers(reloaded);
        GroupShape.shapeMembers(TargetType.account, accountShapes, expanded);
        GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, expanded);
        GroupShape.shapeMembers(TargetType.dl, distributionListShapes, expanded);
    }

    // ---- verify ----
    Set<String> result = new HashSet<String>();
    int shapeNo = 0;
    for (GroupShape shape : accountShapes) {
        shapeNo++;
        System.out.println("\n" + shapeNo);

        List<String> elements = new ArrayList<String>();
        for (String group : shape.getGroups()) {
            String groupLabel = "group " + group;
            System.out.println(groupLabel);
            elements.add(groupLabel);
        }
        for (String member : shape.getMembers()) {
            // Printed label has no space after "member"; the compared element does.
            System.out.println("    member" + member);
            elements.add("member " + member);
        }
        Collections.sort(elements);

        // Shapes without members are left out of the comparison; the original comment here
        // (apparently truncated) says such shapes do not affect functionality.
        if (shape.getMembers().size() > 0) {
            result.add(Verify.makeResultStr(elements));
        }
    }

    String labelA = "group " + groupA.getName();
    String labelB = "group " + groupB.getName();
    String labelC = "group " + groupC.getName();
    String labelD = "group " + groupD.getName();

    Set<String> expected = new HashSet<String>();
    // accounts in exactly one group
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, "member " + acctA.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelB, "member " + acctB.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelC, "member " + acctC.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelD, "member " + acctD.getName())));
    // accounts in two groups
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelB, "member " + acctAB.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelC, "member " + acctAC.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelD, "member " + acctAD.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelB, labelC, "member " + acctBC.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelB, labelD, "member " + acctBD.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelC, labelD, "member " + acctCD.getName())));
    // accounts in three groups
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelB, labelC, "member " + acctABC.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelB, labelD, "member " + acctABD.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelC, labelD, "member " + acctACD.getName())));
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelB, labelC, labelD, "member " + acctBCD.getName())));
    // the account in all four groups
    expected.add(Verify.makeResultStr(Lists.newArrayList(labelA, labelB, labelC, labelD, "member " + acctABCD.getName())));

    Verify.verifyEquals(expected, result);
}
Also used : Account(com.zimbra.cs.account.Account) ArrayList(java.util.ArrayList) AllGroupMembers(com.zimbra.cs.account.accesscontrol.CollectAllEffectiveRights.AllGroupMembers) GroupShape(com.zimbra.cs.account.accesscontrol.CollectAllEffectiveRights.GroupShape) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList) HashSet(java.util.HashSet) Test(org.junit.Test)
