use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class SoapProvisioning method getDistributionLists.
@Override
public List<DistributionList> getDistributionLists(DistributionList list, boolean directOnly, Map<String, String> via) throws ServiceException {
ArrayList<DistributionList> result = new ArrayList<DistributionList>();
GetDistributionListMembershipRequest req = new GetDistributionListMembershipRequest(getSelector(list), null, null);
GetDistributionListMembershipResponse resp = invokeJaxb(req);
for (DistributionListMembershipInfo dlMemInfo : resp.getDls()) {
String viaList = dlMemInfo.getVia();
if (directOnly && viaList != null)
continue;
DistributionList dl = new SoapDistributionList(dlMemInfo, this);
if (via != null && viaList != null) {
via.put(dl.getName(), viaList);
}
result.add(dl);
}
return result;
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestACLGrant method testDelegateToNonAdmin.
public void testDelegateToNonAdmin() throws Exception {
String testName = getTestName();
/*
* sys admin
*/
Account sysAdmin = getSystemAdminAccount(getEmailAddr(testName, "authed"));
/*
* grantees
*/
Account GA = createAccount(getEmailAddr(testName, "GA"));
DistributionList GG = createGroup(getEmailAddr(testName, "GG"));
// add a member to the group
Account member = createAccount(getEmailAddr(testName, "member"));
mProv.addMembers(GG, new String[] { member.getName() });
/*
* target
*/
String domainName = getSubDomainName(testName).toLowerCase();
Domain TD = mProv.createDomain(domainName, new HashMap<String, Object>());
// a user in the domain
Account TA = createAccount("acct@" + domainName);
/*
* right
*/
Right right = getRight("test-combo-account-domain");
// authed as sys admin
// cannot grant to a non-admin account/group
doTestGrant(sysAdmin, TargetType.domain, TD, GranteeType.GT_USER, GA, right, DELEGABLE, Result.INVALID_REQUEST);
doTestGrant(sysAdmin, TargetType.domain, TD, GranteeType.GT_GROUP, GG, right, DELEGABLE, Result.INVALID_REQUEST);
// revoke should be OK though, the admin bit is not checked for revoking
doTestRevoke(sysAdmin, TargetType.domain, TD, GranteeType.GT_USER, GA, right, DELEGABLE, Result.GOOD);
doTestRevoke(sysAdmin, TargetType.domain, TD, GranteeType.GT_GROUP, GG, right, DELEGABLE, Result.GOOD);
// turn the account/group into admin
makeAccountAdmin(GA);
makeGroupAdmin(GG);
// now can grant to the account/group
grantDelegableRight(sysAdmin, TargetType.domain, TD, GranteeType.GT_USER, GA, right);
grantDelegableRight(sysAdmin, TargetType.domain, TD, GranteeType.GT_GROUP, GG, right);
// make sure the account do get the right, test it on an account in the target domain
verify(GA, TA, getRight("test-preset-account"), null, ALLOW);
// but the group member does not yet get the right, because it is not an admin account
verify(member, TA, getRight("test-preset-account"), null, DENY);
// make the member an admin account and then it should get the right
makeAccountAdmin(member);
verify(member, TA, getRight("test-preset-account"), null, ALLOW);
// make the group grantee no longer an admin group, the member will automatically lose his right
makeGroupNonAdmin(GG);
// flush the cached account entry, because group info an account is a member of are cached on the account entr
flushAccountCache(member);
verify(member, TA, getRight("test-preset-account"), null, DENY);
// make the group admin again, the right should come back
makeGroupAdmin(GG);
// flush the cached account entry, because group info an account is a member of are cached on the account entr
flushAccountCache(member);
verify(member, TA, getRight("test-preset-account"), null, ALLOW);
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestACLGrant method testDelegate.
public void testDelegate() throws Exception {
String testName = getTestName();
/*
* sys admin
*/
Account sysAdmin = getSystemAdminAccount(getEmailAddr(testName, "authed"));
/*
* grantees
*/
Account GA_DELEGATOR = createAdminAccount(getEmailAddr(testName, "GA_DELEGATOR"));
Account GA_DELEGATEE = createAdminAccount(getEmailAddr(testName, "GA_DELEGATEE"));
DistributionList GG_DELEGATEE = createAdminGroup(getEmailAddr(testName, "GG_DELEGATEE"));
/*
* target
*/
String domainName = getSubDomainName(testName).toLowerCase();
Domain TD = mProv.createDomain(domainName, new HashMap<String, Object>());
/*
* right
*/
Right right = getRight("test-combo-account-domain");
// authed as sys admin, can always grant
// grant a delegate right
grantDelegableRight(sysAdmin, TargetType.domain, TD, GranteeType.GT_USER, GA_DELEGATOR, right);
/*
* setup other targets
*/
DistributionList subTargetDl = createGroup("dl@" + domainName);
Account subTargetAcct = createAccount("acct@" + domainName);
Domain otherDomain = mProv.createDomain("other." + domainName, new HashMap<String, Object>());
// authed as a regular admin
/*
* delegate the same right
*/
// on the same target
doTestDelegate(GA_DELEGATOR, TargetType.domain, TD, GranteeType.GT_USER, GA_DELEGATEE, right, Result.GOOD);
doTestDelegate(GA_DELEGATOR, TargetType.domain, TD, GranteeType.GT_GROUP, GG_DELEGATEE, right, Result.GOOD);
// on sub target
doTestDelegate(GA_DELEGATOR, TargetType.dl, subTargetDl, GranteeType.GT_USER, GA_DELEGATEE, right, Result.INVALID_REQUEST);
doTestDelegate(GA_DELEGATOR, TargetType.dl, subTargetDl, GranteeType.GT_GROUP, GG_DELEGATEE, right, Result.INVALID_REQUEST);
doTestDelegate(GA_DELEGATOR, TargetType.account, subTargetAcct, GranteeType.GT_USER, GA_DELEGATEE, right, Result.INVALID_REQUEST);
doTestDelegate(GA_DELEGATOR, TargetType.account, subTargetAcct, GranteeType.GT_GROUP, GG_DELEGATEE, right, Result.INVALID_REQUEST);
// on unrelated target
doTestDelegate(GA_DELEGATOR, TargetType.domain, otherDomain, GranteeType.GT_USER, GA_DELEGATEE, right, Result.PERM_DENIED);
doTestDelegate(GA_DELEGATOR, TargetType.domain, otherDomain, GranteeType.GT_GROUP, GG_DELEGATEE, right, Result.PERM_DENIED);
// on super target
doTestDelegate(GA_DELEGATOR, TargetType.global, null, GranteeType.GT_USER, GA_DELEGATEE, right, Result.PERM_DENIED);
doTestDelegate(GA_DELEGATOR, TargetType.global, null, GranteeType.GT_GROUP, GG_DELEGATEE, right, Result.PERM_DENIED);
/*
* delegate part of the right
*/
// on the same target
doDelegatePartialRight(GA_DELEGATOR, TargetType.domain, TD, GranteeType.GT_USER, GA_DELEGATEE, Result.GOOD);
doDelegatePartialRight(GA_DELEGATOR, TargetType.domain, TD, GranteeType.GT_GROUP, GG_DELEGATEE, Result.GOOD);
// on sub target
doDelegatePartialRight(GA_DELEGATOR, TargetType.dl, subTargetDl, GranteeType.GT_USER, GA_DELEGATEE, Result.GOOD);
doDelegatePartialRight(GA_DELEGATOR, TargetType.dl, subTargetDl, GranteeType.GT_GROUP, GG_DELEGATEE, Result.GOOD);
doDelegatePartialRight(GA_DELEGATOR, TargetType.account, subTargetAcct, GranteeType.GT_USER, GA_DELEGATEE, Result.GOOD);
doDelegatePartialRight(GA_DELEGATOR, TargetType.account, subTargetAcct, GranteeType.GT_GROUP, GG_DELEGATEE, Result.GOOD);
// on unrelated target
doDelegatePartialRight(GA_DELEGATOR, TargetType.domain, otherDomain, GranteeType.GT_USER, GA_DELEGATEE, Result.PERM_DENIED);
doDelegatePartialRight(GA_DELEGATOR, TargetType.domain, otherDomain, GranteeType.GT_GROUP, GG_DELEGATEE, Result.PERM_DENIED);
// on super target
doDelegatePartialRight(GA_DELEGATOR, TargetType.global, otherDomain, GranteeType.GT_USER, GA_DELEGATEE, Result.PERM_DENIED);
doDelegatePartialRight(GA_DELEGATOR, TargetType.global, otherDomain, GranteeType.GT_GROUP, GG_DELEGATEE, Result.PERM_DENIED);
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestGroups method testDLupdateGroupMembershipWithoutViaWithAliases.
public void testDLupdateGroupMembershipWithoutViaWithAliases() throws Exception {
Account acct = ldapProv.getAccountByName(acctWithAlias);
GroupMembership membership = new GroupMembership();
long start = System.currentTimeMillis();
DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct, null, /* via */
false, /* adminGroupsOnly */
false);
ZimbraLog.test.info("testDLupdateGroupMembershipWithoutVia %s size=%d", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size());
for (int cnt = 1; cnt <= NUM_NORMAL_DL; cnt++) {
String nam = String.format(normalDLPatt, cnt);
DistributionList dl = ldapProv.get(DistributionListBy.name, nam);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", nam, dl.getId()), membership.groupIds().contains(dl.getId()));
}
DistributionList dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getId(), dl.getId()), membership.groupIds().contains(dl.getId()));
dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getId(), dl.getId()), membership.groupIds().contains(dl.getId()));
Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias), NUM_NORMAL_DL + 2, membership.memberOf().size());
acct = ldapProv.getAccountByName(acctWithAlias2);
membership = new GroupMembership();
start = System.currentTimeMillis();
DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct, null, /* via */
false, /* adminGroupsOnly */
false);
ZimbraLog.test.info("testDLupdateGroupMembershipWithoutVia %s size=%d", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size());
dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias2), 2, membership.memberOf().size());
}
use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.
the class TestGroups method testDLupdateGroupMembershipWithViaWithAliases.
public void testDLupdateGroupMembershipWithViaWithAliases() throws Exception {
Account acct = ldapProv.getAccountByName(acctWithAlias);
GroupMembership membership = new GroupMembership();
Map<String, String> via = Maps.newHashMap();
long start = System.currentTimeMillis();
DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct, via, false, /* adminGroupsOnly */
false);
ZimbraLog.test.info("testDLupdateGroupMembershipWithVia %s size=%d via size=%d via=%s", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size(), via.size(), via);
for (int cnt = 1; cnt <= NUM_NORMAL_DL; cnt++) {
String nam = String.format(normalDLPatt, cnt);
DistributionList dl = ldapProv.get(DistributionListBy.name, nam);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", nam, dl.getId()), membership.groupIds().contains(dl.getId()));
}
DistributionList dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getId(), dl.getId()), membership.groupIds().contains(dl.getId()));
dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getId(), dl.getId()), membership.groupIds().contains(dl.getId()));
Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias), NUM_NORMAL_DL + 2, membership.memberOf().size());
Assert.assertEquals(String.format("Number of vias for User %s", acctWithAlias), 1, via.size());
acct = ldapProv.getAccountByName(acctWithAlias2);
membership = new GroupMembership();
Maps.newHashMap();
start = System.currentTimeMillis();
DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct, via, false, /* adminGroupsOnly */
false);
ZimbraLog.test.info("testDLupdateGroupMembershipWithVia %s size=%d via size=%d via=%s", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size(), via.size(), via);
dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias2), 2, membership.memberOf().size());
Assert.assertEquals(String.format("Number of vias for User %s", acctWithAlias2), 1, via.size());
}
Aggregations