
Example 96 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class SoapProvisioning method getDistributionLists.

/**
 * Lists the distribution lists that {@code list} is a member of, as returned by a
 * {@code GetDistributionListMembershipRequest} sent through {@code invokeJaxb}.
 *
 * @param list the distribution list whose memberships are looked up
 * @param directOnly when {@code true}, entries that carry a non-null "via" value are skipped
 * @param via optional output map; when non-null it receives one entry per returned list that
 *        has a "via" value, keyed by that list's name (presumably the intermediate list the
 *        membership is inherited through; confirm against the server side)
 * @return the matching lists, each wrapped in a {@code SoapDistributionList}
 * @throws ServiceException if building or invoking the request fails
 */
@Override
public List<DistributionList> getDistributionLists(DistributionList list, boolean directOnly, Map<String, String> via) throws ServiceException {
    GetDistributionListMembershipRequest request = new GetDistributionListMembershipRequest(getSelector(list), null, null);
    GetDistributionListMembershipResponse response = invokeJaxb(request);
    List<DistributionList> memberships = new ArrayList<>();
    for (DistributionListMembershipInfo info : response.getDls()) {
        String viaName = info.getVia();
        boolean indirect = viaName != null;
        if (indirect && directOnly) {
            // caller asked for direct memberships only
            continue;
        }
        DistributionList parent = new SoapDistributionList(info, this);
        if (indirect && via != null) {
            via.put(parent.getName(), viaName);
        }
        memberships.add(parent);
    }
    return memberships;
}
Also used : DistributionListMembershipInfo(com.zimbra.soap.admin.type.DistributionListMembershipInfo) ArrayList(java.util.ArrayList) DistributionList(com.zimbra.cs.account.DistributionList)

Example 97 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestACLGrant method testDelegateToNonAdmin.

/**
 * Checks how delegable grants behave when the grantee is not an admin.
 *
 * <p>Sequence exercised, all authenticated as a system admin:
 * <ol>
 *   <li>granting to a non-admin account or group is rejected with INVALID_REQUEST;</li>
 *   <li>revoking is still accepted, because the admin bit is not checked on revoke;</li>
 *   <li>once the grantees are made admin, the grant succeeds;</li>
 *   <li>a group member only gets the right while both the member and the group are admin.</li>
 * </ol>
 */
public void testDelegateToNonAdmin() throws Exception {
    final String name = getTestName();

    // authenticated principal: a system admin
    Account systemAdmin = getSystemAdminAccount(getEmailAddr(name, "authed"));

    // grantees: a plain account, and a plain group with a single member
    Account granteeAcct = createAccount(getEmailAddr(name, "GA"));
    DistributionList granteeGroup = createGroup(getEmailAddr(name, "GG"));
    Account groupMember = createAccount(getEmailAddr(name, "member"));
    mProv.addMembers(granteeGroup, new String[] { groupMember.getName() });

    // target: a new domain that holds one user account
    String targetDomainName = getSubDomainName(name).toLowerCase();
    Domain targetDomain = mProv.createDomain(targetDomainName, new HashMap<String, Object>());
    Account targetAcct = createAccount("acct@" + targetDomainName);

    // the right being granted
    Right comboRight = getRight("test-combo-account-domain");

    // a non-admin account/group must not be accepted as grantee
    doTestGrant(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_USER, granteeAcct, comboRight, DELEGABLE, Result.INVALID_REQUEST);
    doTestGrant(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_GROUP, granteeGroup, comboRight, DELEGABLE, Result.INVALID_REQUEST);

    // revoking is accepted regardless: the admin bit is not checked on revoke
    doTestRevoke(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_USER, granteeAcct, comboRight, DELEGABLE, Result.GOOD);
    doTestRevoke(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_GROUP, granteeGroup, comboRight, DELEGABLE, Result.GOOD);

    // promote both grantees to admin; the same grants are now accepted
    makeAccountAdmin(granteeAcct);
    makeGroupAdmin(granteeGroup);
    grantDelegableRight(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_USER, granteeAcct, comboRight);
    grantDelegableRight(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_GROUP, granteeGroup, comboRight);

    // the account grantee has the right on an account inside the target domain
    verify(granteeAcct, targetAcct, getRight("test-preset-account"), null, ALLOW);

    // the group member does not: it is not an admin account yet
    verify(groupMember, targetAcct, getRight("test-preset-account"), null, DENY);

    // after the member becomes an admin account it picks the right up through the group
    makeAccountAdmin(groupMember);
    verify(groupMember, targetAcct, getRight("test-preset-account"), null, ALLOW);

    // demoting the group takes the right away from its member again
    makeGroupNonAdmin(granteeGroup);
    // the groups an account belongs to are cached on the account entry, so the entry is
    // flushed before re-checking
    // NOTE(review): suggests a cached entry could keep the old decision until refreshed;
    // confirm how the cache is invalidated outside of tests
    flushAccountCache(groupMember);
    verify(groupMember, targetAcct, getRight("test-preset-account"), null, DENY);

    // re-promoting the group brings the right back (cached entry flushed for the same reason)
    makeGroupAdmin(granteeGroup);
    flushAccountCache(groupMember);
    verify(groupMember, targetAcct, getRight("test-preset-account"), null, ALLOW);
}
Also used : Account(com.zimbra.cs.account.Account) Right(com.zimbra.cs.account.accesscontrol.Right) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList)

Example 98 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestACLGrant method testDelegate.

/**
 * Checks what an admin who holds a delegable right on a domain can hand on to other admins.
 *
 * <p>The delegator receives the delegable right on the target domain from a system admin. The
 * test then tries to delegate the whole right, and part of it, to an admin account and an admin
 * group on four kinds of target: the same domain, entries inside it (a DL and an account), an
 * unrelated domain, and the global target. Expected outcomes are the {@code Result} values
 * passed to each helper call.
 */
public void testDelegate() throws Exception {
    final String name = getTestName();

    // system admin used to hand out the initial grant
    Account systemAdmin = getSystemAdminAccount(getEmailAddr(name, "authed"));

    // grantees: the delegating admin, plus an admin account and an admin group to delegate to
    Account delegator = createAdminAccount(getEmailAddr(name, "GA_DELEGATOR"));
    Account delegateeAcct = createAdminAccount(getEmailAddr(name, "GA_DELEGATEE"));
    DistributionList delegateeGroup = createAdminGroup(getEmailAddr(name, "GG_DELEGATEE"));

    // target domain
    String targetDomainName = getSubDomainName(name).toLowerCase();
    Domain targetDomain = mProv.createDomain(targetDomainName, new HashMap<String, Object>());

    // the right under test
    Right comboRight = getRight("test-combo-account-domain");

    // as system admin (can always grant): give the delegator the delegable right on the domain
    grantDelegableRight(systemAdmin, TargetType.domain, targetDomain, GranteeType.GT_USER, delegator, comboRight);

    // further targets: two entries inside the target domain and a separate domain
    DistributionList childDl = createGroup("dl@" + targetDomainName);
    Account childAcct = createAccount("acct@" + targetDomainName);
    Domain unrelatedDomain = mProv.createDomain("other." + targetDomainName, new HashMap<String, Object>());

    // ---- from here on, authenticated as the regular (delegating) admin ----

    // delegate the full right: same target
    doTestDelegate(delegator, TargetType.domain, targetDomain, GranteeType.GT_USER, delegateeAcct, comboRight, Result.GOOD);
    doTestDelegate(delegator, TargetType.domain, targetDomain, GranteeType.GT_GROUP, delegateeGroup, comboRight, Result.GOOD);
    // delegate the full right: sub target
    doTestDelegate(delegator, TargetType.dl, childDl, GranteeType.GT_USER, delegateeAcct, comboRight, Result.INVALID_REQUEST);
    doTestDelegate(delegator, TargetType.dl, childDl, GranteeType.GT_GROUP, delegateeGroup, comboRight, Result.INVALID_REQUEST);
    doTestDelegate(delegator, TargetType.account, childAcct, GranteeType.GT_USER, delegateeAcct, comboRight, Result.INVALID_REQUEST);
    doTestDelegate(delegator, TargetType.account, childAcct, GranteeType.GT_GROUP, delegateeGroup, comboRight, Result.INVALID_REQUEST);
    // delegate the full right: unrelated target
    doTestDelegate(delegator, TargetType.domain, unrelatedDomain, GranteeType.GT_USER, delegateeAcct, comboRight, Result.PERM_DENIED);
    doTestDelegate(delegator, TargetType.domain, unrelatedDomain, GranteeType.GT_GROUP, delegateeGroup, comboRight, Result.PERM_DENIED);
    // delegate the full right: super target
    doTestDelegate(delegator, TargetType.global, null, GranteeType.GT_USER, delegateeAcct, comboRight, Result.PERM_DENIED);
    doTestDelegate(delegator, TargetType.global, null, GranteeType.GT_GROUP, delegateeGroup, comboRight, Result.PERM_DENIED);

    // delegate part of the right: same target
    doDelegatePartialRight(delegator, TargetType.domain, targetDomain, GranteeType.GT_USER, delegateeAcct, Result.GOOD);
    doDelegatePartialRight(delegator, TargetType.domain, targetDomain, GranteeType.GT_GROUP, delegateeGroup, Result.GOOD);
    // delegate part of the right: sub target
    doDelegatePartialRight(delegator, TargetType.dl, childDl, GranteeType.GT_USER, delegateeAcct, Result.GOOD);
    doDelegatePartialRight(delegator, TargetType.dl, childDl, GranteeType.GT_GROUP, delegateeGroup, Result.GOOD);
    doDelegatePartialRight(delegator, TargetType.account, childAcct, GranteeType.GT_USER, delegateeAcct, Result.GOOD);
    doDelegatePartialRight(delegator, TargetType.account, childAcct, GranteeType.GT_GROUP, delegateeGroup, Result.GOOD);
    // delegate part of the right: unrelated target
    doDelegatePartialRight(delegator, TargetType.domain, unrelatedDomain, GranteeType.GT_USER, delegateeAcct, Result.PERM_DENIED);
    doDelegatePartialRight(delegator, TargetType.domain, unrelatedDomain, GranteeType.GT_GROUP, delegateeGroup, Result.PERM_DENIED);
    // delegate part of the right: super target
    // NOTE(review): these two calls pass the unrelated domain together with TargetType.global,
    // whereas the full-right global case above passes null; confirm the global escalation
    // path is really what is being exercised here
    doDelegatePartialRight(delegator, TargetType.global, unrelatedDomain, GranteeType.GT_USER, delegateeAcct, Result.PERM_DENIED);
    doDelegatePartialRight(delegator, TargetType.global, unrelatedDomain, GranteeType.GT_GROUP, delegateeGroup, Result.PERM_DENIED);
}
Also used : Account(com.zimbra.cs.account.Account) Right(com.zimbra.cs.account.accesscontrol.Right) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList)

Example 99 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestGroups method testDLupdateGroupMembershipWithoutViaWithAliases.

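/**
 * Runs {@code DistributionList.updateGroupMembership} without a via map for two accounts that
 * have aliases and checks the resulting {@code GroupMembership}.
 *
 * <p>For {@code acctWithAlias} the membership must contain every DL named by
 * {@code normalDLPatt} (1..{@code NUM_NORMAL_DL}) plus {@code dlWithAlias} and
 * {@code dlWithAlias2}; for {@code acctWithAlias2} it must contain exactly the latter two.
 * The elapsed time and number of group ids are logged for each call.
 */
public void testDLupdateGroupMembershipWithoutViaWithAliases() throws Exception {
    Account acct = ldapProv.getAccountByName(acctWithAlias);
    GroupMembership membership = new GroupMembership();
    long start = System.currentTimeMillis();
    DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct,
            null /* via */, false /* adminGroupsOnly */, false);
    ZimbraLog.test.info("testDLupdateGroupMembershipWithoutVia %s size=%d", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size());
    for (int cnt = 1; cnt <= NUM_NORMAL_DL; cnt++) {
        String nam = String.format(normalDLPatt, cnt);
        DistributionList dl = ldapProv.get(DistributionListBy.name, nam);
        Assert.assertTrue(String.format("DL %s (id=%s) in membership", nam, dl.getId()), membership.groupIds().contains(dl.getId()));
    }
    // The failure message names the DL first and its id second, as the later checks do
    // (the id used to be printed in both places).
    DistributionList dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias), NUM_NORMAL_DL + 2, membership.memberOf().size());

    // second account: fresh GroupMembership, same call
    acct = ldapProv.getAccountByName(acctWithAlias2);
    membership = new GroupMembership();
    start = System.currentTimeMillis();
    DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct,
            null /* via */, false /* adminGroupsOnly */, false);
    ZimbraLog.test.info("testDLupdateGroupMembershipWithoutVia %s size=%d", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size());
    dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias2), 2, membership.memberOf().size());
}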
Also used : Account(com.zimbra.cs.account.Account) GroupMembership(com.zimbra.cs.account.Provisioning.GroupMembership) DistributionList(com.zimbra.cs.account.DistributionList)

Example 100 with DistributionList

use of com.zimbra.cs.account.DistributionList in project zm-mailbox by Zimbra.

the class TestGroups method testDLupdateGroupMembershipWithViaWithAliases.

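/**
 * Runs {@code DistributionList.updateGroupMembership} with a via map for two accounts that
 * have aliases and checks both the resulting {@code GroupMembership} and the via map size.
 *
 * <p>For {@code acctWithAlias} the membership must contain every DL named by
 * {@code normalDLPatt} (1..{@code NUM_NORMAL_DL}) plus {@code dlWithAlias} and
 * {@code dlWithAlias2}; for {@code acctWithAlias2} it must contain exactly the latter two.
 * After each call the via map is expected to hold one entry.
 */
public void testDLupdateGroupMembershipWithViaWithAliases() throws Exception {
    Account acct = ldapProv.getAccountByName(acctWithAlias);
    GroupMembership membership = new GroupMembership();
    Map<String, String> via = Maps.newHashMap();
    long start = System.currentTimeMillis();
    DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct, via,
            false /* adminGroupsOnly */, false);
    ZimbraLog.test.info("testDLupdateGroupMembershipWithVia %s size=%d via size=%d via=%s", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size(), via.size(), via);
    for (int cnt = 1; cnt <= NUM_NORMAL_DL; cnt++) {
        String nam = String.format(normalDLPatt, cnt);
        DistributionList dl = ldapProv.get(DistributionListBy.name, nam);
        Assert.assertTrue(String.format("DL %s (id=%s) in membership", nam, dl.getId()), membership.groupIds().contains(dl.getId()));
    }
    // The failure message names the DL first and its id second, as the later checks do
    // (the id used to be printed in both places).
    DistributionList dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias), NUM_NORMAL_DL + 2, membership.memberOf().size());
    Assert.assertEquals(String.format("Number of vias for User %s", acctWithAlias), 1, via.size());

    // second account: fresh GroupMembership
    acct = ldapProv.getAccountByName(acctWithAlias2);
    membership = new GroupMembership();
    // NOTE(review): the map created on the next line is discarded, so `via` still holds what
    // was recorded for the first account; `via = Maps.newHashMap();` was presumably intended.
    // Left unchanged because the expected via size below may depend on the carried-over
    // entry; confirm and reset the map if the second check should stand on its own.
    Maps.newHashMap();
    start = System.currentTimeMillis();
    DistributionList.updateGroupMembership(ldapProv, (ZLdapContext) null, membership, acct, via,
            false /* adminGroupsOnly */, false);
    ZimbraLog.test.info("testDLupdateGroupMembershipWithVia %s size=%d via size=%d via=%s", ZimbraLog.elapsedTime(start, System.currentTimeMillis()), membership.groupIds().size(), via.size(), via);
    dl = ldapProv.get(DistributionListBy.name, dlWithAlias);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    dl = ldapProv.get(DistributionListBy.name, dlWithAlias2);
    Assert.assertTrue(String.format("DL %s (id=%s) in membership", dl.getName(), dl.getId()), membership.groupIds().contains(dl.getId()));
    Assert.assertEquals(String.format("Number of DLs User %s is a member of", acctWithAlias2), 2, membership.memberOf().size());
    Assert.assertEquals(String.format("Number of vias for User %s", acctWithAlias2), 1, via.size());
}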
Also used : Account(com.zimbra.cs.account.Account) GroupMembership(com.zimbra.cs.account.Provisioning.GroupMembership) DistributionList(com.zimbra.cs.account.DistributionList)

Aggregations

DistributionList (com.zimbra.cs.account.DistributionList)120 Account (com.zimbra.cs.account.Account)58 Domain (com.zimbra.cs.account.Domain)43 HashMap (java.util.HashMap)24 Test (org.junit.Test)24 Provisioning (com.zimbra.cs.account.Provisioning)22 NamedEntry (com.zimbra.cs.account.NamedEntry)18 HashSet (java.util.HashSet)18 ArrayList (java.util.ArrayList)14 ServiceException (com.zimbra.common.service.ServiceException)13 AccountServiceException (com.zimbra.cs.account.AccountServiceException)13 Right (com.zimbra.cs.account.accesscontrol.Right)12 DynamicGroup (com.zimbra.cs.account.DynamicGroup)10 LdapDistributionList (com.zimbra.cs.account.ldap.entry.LdapDistributionList)10 Group (com.zimbra.cs.account.Group)9 GuestAccount (com.zimbra.cs.account.GuestAccount)9 LdapProv (com.zimbra.cs.account.ldap.LdapProv)8 List (java.util.List)7 Entry (com.zimbra.cs.account.Entry)6 LdapEntry (com.zimbra.cs.account.ldap.entry.LdapEntry)6