Search in sources :

Example 16 with DynamicGroup

use of com.zimbra.cs.account.DynamicGroup in project zm-mailbox by Zimbra.

the class SmtpRecipientValidator method validate.

@Override
public Iterable<String> validate(String recipient) {
    try {
        Provisioning prov = Provisioning.getInstance();
        Account account = prov.get(AccountBy.name, recipient);
        if (account != null) {
            return Arrays.asList(account.getName());
        } else {
            Group group = prov.getGroup(Key.DistributionListBy.name, recipient);
            if (group != null) {
                String[] members;
                if (group instanceof DynamicGroup) {
                    members = ((DynamicGroup) group).getAllMembers(true);
                } else {
                    members = group.getAllMembers();
                }
                return Arrays.asList(members);
            }
        }
    } catch (ServiceException e) {
        log.error("Unable to validate recipient %s", recipient, e);
    }
    return Collections.emptyList();
}
Also used : Account(com.zimbra.cs.account.Account) DynamicGroup(com.zimbra.cs.account.DynamicGroup) Group(com.zimbra.cs.account.Group) DynamicGroup(com.zimbra.cs.account.DynamicGroup) ServiceException(com.zimbra.common.service.ServiceException) Provisioning(com.zimbra.cs.account.Provisioning)

Example 17 with DynamicGroup

use of com.zimbra.cs.account.DynamicGroup in project zm-mailbox by Zimbra.

the class TestACLAll method execTest.

private void execTest(String note, TargetType grantedOnTargetType, TestGranteeType testGranteeType, Right right) throws Exception {
    System.out.println("testing (" + note + "): " + "grant target=" + grantedOnTargetType.getCode() + ", grantee type=" + testGranteeType.getCode() + ", right=" + right.getName());
    //
    // 1. some basic preparation
    //    create a domain
    //
    Domain domain = createDomain();
    boolean isUserRight = right.isUserRight();
    //
    // 2. setup grantee
    //
    List<Account> allowedAccts = new ArrayList<Account>();
    List<Account> deniedAccts = new ArrayList<Account>();
    NamedEntry grantee = null;
    String granteeName = null;
    String secret = null;
    Object gt = testGranteeType.getGranteeType();
    GranteeType granteeType = null;
    if (gt instanceof GranteeType) {
        granteeType = (GranteeType) gt;
        switch(granteeType) {
            case GT_USER:
                if (isUserRight) {
                    grantee = createUserAccount(domain);
                    allowedAccts.add((Account) grantee);
                    deniedAccts.add(createUserAccount(domain));
                } else {
                    grantee = createDelegatedAdminAccount(domain);
                    allowedAccts.add((Account) grantee);
                    deniedAccts.add(createDelegatedAdminAccount(domain));
                }
                granteeName = grantee.getName();
                break;
            case GT_GROUP:
                if (isUserRight) {
                    grantee = createUserDistributionList(domain);
                    Account allowedAcct = createUserAccount(domain);
                    allowedAccts.add(allowedAcct);
                    prov.addMembers((DistributionList) grantee, new String[] { allowedAcct.getName() });
                    // external members are also honored if the right is a user right
                    Account guestAcct = createGuestAccount("guest@guest.com", "test123");
                    allowedAccts.add(guestAcct);
                    prov.addMembers((DistributionList) grantee, new String[] { guestAcct.getName() });
                    deniedAccts.add(createUserAccount(domain));
                } else {
                    grantee = createAdminDistributionList(domain);
                    Account allowedAcct = createDelegatedAdminAccount(domain);
                    allowedAccts.add(allowedAcct);
                    prov.addMembers((DistributionList) grantee, new String[] { allowedAcct.getName() });
                    deniedAccts.add(createDelegatedAdminAccount(domain));
                }
                granteeName = grantee.getName();
                break;
            case GT_EXT_GROUP:
                // create a domain and use it for the external group
                Domain extDomain = createDomain();
                String extDomainDN = ((LdapDomain) extDomain).getDN();
                String acctLocalpart = "acct-ext";
                //
                // Configure the domain for external AD auth
                //
                Map<String, Object> domainAttrs = Maps.newHashMap();
                if (isUserRight) {
                    domain.setAuthMech(AuthMech.ad.name(), domainAttrs);
                } else {
                    domain.setAuthMechAdmin(AuthMech.ad.name(), domainAttrs);
                }
                /*  ==== mock test ====
                    // setup auth
                    domain.addAuthLdapURL("ldap://localhost:389", domainAttrs);
                    domain.setAuthLdapBindDn("uid=%u,ou=people," + extDomainDN, domainAttrs);
                    // setup external group search parameters
                    domain.setAuthLdapSearchBindDn(LC.zimbra_ldap_userdn.value(), domainAttrs);
                    domain.setAuthLdapSearchBindPassword(LC.zimbra_ldap_password.value(), domainAttrs);
                    domain.setExternalGroupLdapSearchBase(extDomainDN, domainAttrs);
                    domain.setExternalGroupLdapSearchFilter("(&(objectClass=zimbraGroup)(cn=%u))", domainAttrs);
                    domain.setExternalGroupHandlerClass("com.zimbra.qa.unittest.UnittestGroupHandler", domainAttrs);
                    mProv.modifyAttrs(domain, domainAttrs);

                    // create a group in the external directory and add a member
                    Group extGroup = createUserDynamicGroup(extDomain);  // doesn't matter if the group is user or admin
                    String extGroupName = extGroup.getName();
                    Account extAcct = createUserAccount(acctLocalpart, extDomain);
                    mProv.addGroupMembers(extGroup, new String[]{extAcct.getName()});

                    // create the admin account in Zimbra directory and map it to the external account
                    Account zimbraAcct = createDelegatedAdminAccount(acctLocalpart, domain);
                    allowedAccts.add(zimbraAcct);
                    */
                domain.addAuthLdapURL("***", domainAttrs);
                domain.setAuthLdapSearchBindDn("***", domainAttrs);
                domain.setAuthLdapSearchBindPassword("***", domainAttrs);
                domain.setExternalGroupLdapSearchBase("OU=Engineering,DC=vmware,DC=com", domainAttrs);
                domain.setExternalGroupLdapSearchFilter("(&(objectClass=group)(mail=%n))", domainAttrs);
                domain.setExternalGroupHandlerClass("com.zimbra.cs.account.grouphandler.ADGroupHandler", domainAttrs);
                prov.modifyAttrs(domain, domainAttrs);
                // "ESPPEnrollment-USA@vmware.com";
                String extGroupName = "ENG_pao_users_home4@vmware.com";
                // create the admin account in Zimbra directory and map it to the external account
                Account zimbraAcct = createDelegatedAdminAccount(acctLocalpart, domain);
                zimbraAcct.setAuthLdapExternalDn("CN=Phoebe Shao,OU=PAO_Users,OU=PaloAlto_California_USA,OU=NALA,OU=SITES,OU=Engineering,DC=vmware,DC=com");
                allowedAccts.add(zimbraAcct);
                // =======================
                granteeName = domain.getName() + ":" + extGroupName;
                break;
            case GT_AUTHUSER:
                if (isUserRight) {
                    allowedAccts.add(createUserAccount("allowed-user-acct", domain));
                    deniedAccts.add(createGuestAccount("not-my-guest@external.com", "test123"));
                } else {
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", domain));
                }
                break;
            case GT_DOMAIN:
                grantee = createDomain();
                if (isUserRight) {
                    allowedAccts.add(createUserAccount("allowed-user-acct", (Domain) grantee));
                    Domain notGrantee = createDomain();
                    deniedAccts.add(createUserAccount("denied-user-acct", notGrantee));
                } else {
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", (Domain) grantee));
                // TODO: TEST R_crossDomainAdmin
                }
                granteeName = grantee.getName();
                break;
            case GT_GUEST:
                // an email address
                granteeName = "be-my-guest@guest.com";
                // password
                secret = "test123";
                if (isUserRight) {
                    allowedAccts.add(createGuestAccount(granteeName, secret));
                    deniedAccts.add(createGuestAccount("not-my-guest@external.com", "bad"));
                } else {
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", domain));
                    deniedAccts.add(createGuestAccount(granteeName, secret));
                }
                break;
            case GT_KEY:
                // a display name
                granteeName = "be-my-guest";
                // access key
                secret = "test123";
                if (isUserRight) {
                    allowedAccts.add(createKeyAccount(granteeName, secret));
                    deniedAccts.add(createKeyAccount("not-my-guest", "bad"));
                } else {
                    deniedAccts.add(createDelegatedAdminAccount("denied-da-acct", domain));
                    deniedAccts.add(createKeyAccount(granteeName, secret));
                }
                break;
            case GT_PUBLIC:
                if (isUserRight) {
                    allowedAccts.add(anonAccount());
                } else {
                    deniedAccts.add(anonAccount());
                }
                break;
            default:
                fail();
        }
    } else {
        // dynamic group
        assertEquals(TestGranteeType.GRANTEE_DYNAMIC_GROUP, testGranteeType);
        granteeType = GranteeType.GT_GROUP;
        if (isUserRight) {
            grantee = createUserDynamicGroup(domain);
            Account allowedAcct = createUserAccount(domain);
            allowedAccts.add(allowedAcct);
            prov.addGroupMembers((DynamicGroup) grantee, new String[] { allowedAcct.getName() });
            // external members are also honored if the right is a user right
            Account guestAcct = createGuestAccount("guest@guest.com", "test123");
            allowedAccts.add(guestAcct);
            prov.addGroupMembers((DynamicGroup) grantee, new String[] { guestAcct.getName() });
            deniedAccts.add(createUserAccount(domain));
        } else {
            grantee = createAdminDynamicGroup(domain);
            Account allowedAcct = createDelegatedAdminAccount(domain);
            allowedAccts.add(allowedAcct);
            prov.addGroupMembers((DynamicGroup) grantee, new String[] { allowedAcct.getName() });
            deniedAccts.add(createDelegatedAdminAccount(domain));
        }
        granteeName = grantee.getName();
    }
    //
    // 3. setup expectations for the granting action
    //
    boolean expectInvalidRequest = false;
    if (isUserRight) {
        expectInvalidRequest = !expectedIsRightGrantableOnTargetType(right, grantedOnTargetType);
    } else {
        // is admin right
        if (!granteeType.allowedForAdminRights()) {
            expectInvalidRequest = true;
        }
        if (!expectInvalidRequest) {
            if (granteeType == GranteeType.GT_DOMAIN && right != Admin.R_crossDomainAdmin) {
                expectInvalidRequest = true;
            }
        }
        if (!expectInvalidRequest) {
            expectInvalidRequest = !expectedIsRightGrantableOnTargetType(right, grantedOnTargetType);
        }
    }
    //
    // 4. setup target on which the right is to be granted
    //
    Entry grantedOnTarget = null;
    String targetName = null;
    switch(grantedOnTargetType) {
        case account:
            grantedOnTarget = createUserAccount("target-acct", domain);
            targetName = ((Account) grantedOnTarget).getName();
            break;
        case calresource:
            grantedOnTarget = createCalendarResource("target-cr", domain);
            targetName = ((CalendarResource) grantedOnTarget).getName();
            break;
        case cos:
            grantedOnTarget = createCos();
            targetName = ((Cos) grantedOnTarget).getName();
            break;
        case dl:
            grantedOnTarget = createUserDistributionList("target-distributionlist", domain);
            targetName = ((DistributionList) grantedOnTarget).getName();
            break;
        case group:
            grantedOnTarget = createUserDynamicGroup("target-dynamicgroup", domain);
            targetName = ((DynamicGroup) grantedOnTarget).getName();
            break;
        case domain:
            grantedOnTarget = domain;
            targetName = domain.getName();
            break;
        case server:
            grantedOnTarget = createServer();
            targetName = ((Server) grantedOnTarget).getName();
            break;
        case alwaysoncluster:
            grantedOnTarget = createAlwaysOnCluster();
            targetName = ((AlwaysOnCluster) grantedOnTarget).getName();
            break;
        case ucservice:
            grantedOnTarget = createUCService();
            targetName = ((UCService) grantedOnTarget).getName();
            break;
        case xmppcomponent:
            // skip for now
            return;
        case zimlet:
            grantedOnTarget = createZimlet();
            targetName = ((Zimlet) grantedOnTarget).getName();
            break;
        case config:
            grantedOnTarget = getConfig();
            break;
        case global:
            grantedOnTarget = getGlobalGrant();
            break;
        default:
            fail();
    }
    //
    // grant right on the target
    //
    boolean gotInvalidRequestException = false;
    try {
        // TODO: in a different test, test granting by a different authed account:
        //       global admin, delegated admin, user
        //
        Account grantingAccount = globalAdmin;
        RightCommand.grantRight(prov, grantingAccount, grantedOnTargetType.getCode(), TargetBy.name, targetName, granteeType.getCode(), GranteeBy.name, granteeName, secret, right.getName(), null);
    } catch (ServiceException e) {
        if (ServiceException.INVALID_REQUEST.equals(e.getCode())) {
            gotInvalidRequestException = true;
        } else {
            e.printStackTrace();
            fail();
        }
    }
    //
    // 5. verify the grant
    //
    assertEquals(expectInvalidRequest, gotInvalidRequestException);
    // after group creation using the target object returned from the create call.
    if (grantedOnTarget instanceof Group) {
        grantedOnTarget = prov.getGroupBasic(Key.DistributionListBy.id, ((Group) grantedOnTarget).getId());
    }
    //
    if (right.isComboRight()) {
        for (Right rt : ((ComboRight) right).getAllRights()) {
            setupTargetAndVerify(domain, grantedOnTarget, grantedOnTargetType, rt, true, allowedAccts, deniedAccts, !gotInvalidRequestException);
        }
    } else {
        setupTargetAndVerify(domain, grantedOnTarget, grantedOnTargetType, right, false, allowedAccts, deniedAccts, !gotInvalidRequestException);
    }
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) DynamicGroup(com.zimbra.cs.account.DynamicGroup) Group(com.zimbra.cs.account.Group) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) ArrayList(java.util.ArrayList) ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight) CheckRight(com.zimbra.cs.account.accesscontrol.CheckRight) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) AttrRight(com.zimbra.cs.account.accesscontrol.AttrRight) PresetRight(com.zimbra.cs.account.accesscontrol.PresetRight) Right(com.zimbra.cs.account.accesscontrol.Right) ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight) NamedEntry(com.zimbra.cs.account.NamedEntry) NamedEntry(com.zimbra.cs.account.NamedEntry) Entry(com.zimbra.cs.account.Entry) ServiceException(com.zimbra.common.service.ServiceException) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain)

Example 18 with DynamicGroup

use of com.zimbra.cs.account.DynamicGroup in project zm-mailbox by Zimbra.

the class TestACLAll method setupTarget.

private void setupTarget(List<Entry> goodTargets, List<Entry> badTargets, Domain domain, Entry grantedOnTarget, TargetType grantedOnTargetType, TargetType targetTypeOfRight, Right right) throws Exception {
    Entry good = null;
    Entry bad = null;
    switch(targetTypeOfRight) {
        case account:
            if (grantedOnTargetType == TargetType.account) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createUserAccount(domain));
            } else if (grantedOnTargetType == TargetType.calresource) {
                if (right.isUserRight()) {
                    goodTargets.add(grantedOnTarget);
                    badTargets.add(createCalendarResource(domain));
                } else {
                    badTargets.add(grantedOnTarget);
                }
            } else if (grantedOnTargetType == TargetType.dl) {
                if (CheckRight.allowGroupTarget(right)) {
                    good = createUserAccount(domain);
                    goodTargets.add(good);
                    // create a subgroup of the group on which the right is granted (testing multi levels of dl)
                    DistributionList subGroup = createUserDistributionList(domain);
                    prov.addMembers((DistributionList) grantedOnTarget, new String[] { subGroup.getName() });
                    prov.addMembers(subGroup, new String[] { ((Account) good).getName() });
                } else {
                    bad = createUserAccount(domain);
                    prov.addMembers((DistributionList) grantedOnTarget, new String[] { ((Account) bad).getName() });
                    badTargets.add(bad);
                }
            } else if (grantedOnTargetType == TargetType.group) {
                if (CheckRight.allowGroupTarget(right)) {
                    good = createUserAccount(domain);
                    prov.addGroupMembers((DynamicGroup) grantedOnTarget, new String[] { ((Account) good).getName() });
                    goodTargets.add(good);
                } else {
                    bad = createUserAccount(domain);
                    prov.addGroupMembers((DynamicGroup) grantedOnTarget, new String[] { ((Account) bad).getName() });
                    badTargets.add(bad);
                }
            } else if (grantedOnTargetType == TargetType.domain) {
                goodTargets.add(createUserAccount(domain));
                Domain anyDomain = createDomain();
                badTargets.add(createUserAccount(anyDomain));
            } else if (grantedOnTargetType == TargetType.global) {
                Domain anyDomain = createDomain();
                goodTargets.add(createUserAccount(anyDomain));
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case calresource:
            if (grantedOnTargetType == TargetType.calresource) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createCalendarResource(domain));
            } else if (grantedOnTargetType == TargetType.dl) {
                if (CheckRight.allowGroupTarget(right)) {
                    good = createCalendarResource(domain);
                    prov.addMembers((DistributionList) grantedOnTarget, new String[] { ((Account) good).getName() });
                    goodTargets.add(good);
                } else {
                    bad = createCalendarResource(domain);
                    prov.addMembers((DistributionList) grantedOnTarget, new String[] { ((Account) bad).getName() });
                    badTargets.add(bad);
                }
            } else if (grantedOnTargetType == TargetType.group) {
                if (CheckRight.allowGroupTarget(right)) {
                    good = createCalendarResource(domain);
                    prov.addGroupMembers((DynamicGroup) grantedOnTarget, new String[] { ((Account) good).getName() });
                    goodTargets.add(good);
                } else {
                    bad = createCalendarResource(domain);
                    prov.addGroupMembers((DynamicGroup) grantedOnTarget, new String[] { ((Account) bad).getName() });
                    badTargets.add(bad);
                }
            } else if (grantedOnTargetType == TargetType.domain) {
                good = createCalendarResource(domain);
                goodTargets.add(good);
                Domain anyDomain = createDomain();
                bad = createUserAccount(anyDomain);
                badTargets.add(bad);
            } else if (grantedOnTargetType == TargetType.global) {
                Domain anyDomain = createDomain();
                goodTargets.add(createCalendarResource(anyDomain));
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case cos:
            if (grantedOnTargetType == TargetType.cos) {
                good = grantedOnTarget;
            } else if (grantedOnTargetType == TargetType.global) {
                good = createCos();
            }
            if (good == null) {
                bad = grantedOnTarget;
                badTargets.add(bad);
            } else {
                goodTargets.add(good);
            }
            break;
        case dl:
            if (grantedOnTargetType == TargetType.dl) {
                // create a subgroup of the group on which the right is granted (testing multi levels of dl)
                DistributionList subGroup = createUserDistributionList(domain);
                prov.addMembers((DistributionList) grantedOnTarget, new String[] { subGroup.getName() });
                goodTargets.add(subGroup);
                goodTargets.add(grantedOnTarget);
                badTargets.add(createUserDistributionList(domain));
            } else if (grantedOnTargetType == TargetType.group) {
                // dl rights apply to dynamic groups only for user rights
                if (right.isUserRight()) {
                    goodTargets.add(grantedOnTarget);
                } else {
                    badTargets.add(grantedOnTarget);
                }
            } else if (grantedOnTargetType == TargetType.domain) {
                goodTargets.add(createUserDistributionList(domain));
                if (right.isUserRight()) {
                    goodTargets.add(createUserDynamicGroup(domain));
                } else {
                    badTargets.add(createUserDynamicGroup(domain));
                }
                Domain anyDomain = createDomain();
                badTargets.add(createUserDistributionList(anyDomain));
                badTargets.add(createUserDynamicGroup(anyDomain));
            } else if (grantedOnTargetType == TargetType.global) {
                Domain anyDomain = createDomain();
                goodTargets.add(createUserDistributionList(anyDomain));
                if (right.isUserRight()) {
                    goodTargets.add(createUserDynamicGroup(anyDomain));
                } else {
                    badTargets.add(createUserDynamicGroup(anyDomain));
                }
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case group:
            if (grantedOnTargetType == TargetType.dl) {
                badTargets.add(grantedOnTarget);
            } else if (grantedOnTargetType == TargetType.group) {
                goodTargets.add(grantedOnTarget);
            } else if (grantedOnTargetType == TargetType.domain) {
                goodTargets.add(createUserDynamicGroup(domain));
                badTargets.add(createUserDistributionList(domain));
                Domain anyDomain = createDomain();
                badTargets.add(createUserDistributionList(anyDomain));
                badTargets.add(createUserDynamicGroup(anyDomain));
            } else if (grantedOnTargetType == TargetType.global) {
                Domain anyDomain = createDomain();
                goodTargets.add(createUserDynamicGroup(anyDomain));
                badTargets.add(createUserDistributionList(anyDomain));
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case domain:
            if (grantedOnTargetType == TargetType.domain) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createDomain());
            } else if (grantedOnTargetType == TargetType.global) {
                goodTargets.add(createDomain());
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case server:
            if (grantedOnTargetType == TargetType.server) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createServer());
            } else if (grantedOnTargetType == TargetType.global) {
                goodTargets.add(createServer());
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case alwaysoncluster:
            if (grantedOnTargetType == TargetType.alwaysoncluster) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createAlwaysOnCluster());
            } else if (grantedOnTargetType == TargetType.global) {
                goodTargets.add(createAlwaysOnCluster());
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case ucservice:
            if (grantedOnTargetType == TargetType.ucservice) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createUCService());
            } else if (grantedOnTargetType == TargetType.global) {
                goodTargets.add(createUCService());
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case xmppcomponent:
            // skip for now
            return;
        case zimlet:
            // zimlet is trouble, need to reload it or else the grant is not on the object
            // ldapProvisioning.getZimlet does not return a cached entry so our grantedOnTarget
            // object does not have the grant
            prov.reload(grantedOnTarget);
            if (grantedOnTargetType == TargetType.zimlet) {
                goodTargets.add(grantedOnTarget);
                badTargets.add(createZimlet());
            } else if (grantedOnTargetType == TargetType.global) {
                goodTargets.add(createZimlet());
            } else {
                badTargets.add(grantedOnTarget);
            }
            break;
        case config:
            if (grantedOnTargetType == TargetType.config)
                goodTargets.add(grantedOnTarget);
            else if (grantedOnTargetType == TargetType.global)
                goodTargets.add(getConfig());
            else
                badTargets.add(grantedOnTarget);
            break;
        case global:
            if (grantedOnTargetType == TargetType.global)
                goodTargets.add(getGlobalGrant());
            else
                badTargets.add(grantedOnTarget);
            break;
        default:
            fail();
    }
}
Also used : DynamicGroup(com.zimbra.cs.account.DynamicGroup) GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) NamedEntry(com.zimbra.cs.account.NamedEntry) Entry(com.zimbra.cs.account.Entry) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList)

Example 19 with DynamicGroup

use of com.zimbra.cs.account.DynamicGroup in project zm-mailbox by Zimbra.

the class TestLdapProvSearchDirectory method getAllGroups.

@Test
public void getAllGroups() throws Exception {
    DistributionList dl = createDistributionList(genGroupNameLocalPart("dl"));
    DynamicGroup dg = createDynamicGroup(genGroupNameLocalPart("dg"));
    // create a sub domain
    String SUB_DOMAIN_NAME = "sub." + baseDomainName();
    Domain subDomain = provUtil.createDomain(SUB_DOMAIN_NAME, null);
    // create a DL and a DG in the sub domain
    DistributionList dlSub = createDistributionList(genGroupNameLocalPart("dl-sub"), subDomain);
    DynamicGroup dgSub = createDynamicGroup(genGroupNameLocalPart("dg-sub"), subDomain);
    List<Group> groups = prov.getAllGroups(domain);
    Verify.verifyEquals(Lists.newArrayList(dg, dl), groups, true);
    deleteGroup(dl);
    deleteGroup(dg);
    deleteGroup(dlSub);
    deleteGroup(dgSub);
}
Also used : DynamicGroup(com.zimbra.cs.account.DynamicGroup) DynamicGroup(com.zimbra.cs.account.DynamicGroup) Group(com.zimbra.cs.account.Group) Domain(com.zimbra.cs.account.Domain) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) DistributionList(com.zimbra.cs.account.DistributionList) ProvTest(com.zimbra.qa.unittest.prov.ProvTest)

Example 20 with DynamicGroup

use of com.zimbra.cs.account.DynamicGroup in project zm-mailbox by Zimbra.

the class TestLdapProvAttrCallback method zimbraIsACLGroupAndMemberURLCreate.

@Test
public void zimbraIsACLGroupAndMemberURLCreate() throws Exception {
    String SOME_URL = "blah";
    Map<String, Object> attrs = Maps.newHashMap();
    boolean caughtException;
    DynamicGroup group;
    // 1. specify memberURL and set zimbraIsACLGroup to false -> OK
    attrs.clear();
    attrs.put(Provisioning.A_zimbraIsACLGroup, ProvisioningConstants.FALSE);
    attrs.put(Provisioning.A_memberURL, SOME_URL);
    group = createDynamicGroup(genGroupNameLocalPart("1"), attrs);
    verifyIsNotACLGroup(group, SOME_URL);
    deleteDynamicGroup(group);
    // 2. specify memberURL and set zimbraIsACLGroup to true -> FAIL
    caughtException = false;
    attrs.clear();
    attrs.put(Provisioning.A_zimbraIsACLGroup, ProvisioningConstants.TRUE);
    attrs.put(Provisioning.A_memberURL, SOME_URL);
    try {
        group = createDynamicGroup(genGroupNameLocalPart("2"), attrs);
    } catch (ServiceException e) {
        if (ServiceException.INVALID_REQUEST.equals(e.getCode())) {
            caughtException = true;
        } else {
            throw e;
        }
    }
    assertTrue(caughtException);
    // 3. specify memberURL without setting zimbraIsACLGroup -> FAIL
    caughtException = false;
    attrs.clear();
    attrs.put(Provisioning.A_memberURL, SOME_URL);
    try {
        group = createDynamicGroup(genGroupNameLocalPart("3"), attrs);
    } catch (ServiceException e) {
        if (ServiceException.INVALID_REQUEST.equals(e.getCode())) {
            caughtException = true;
        } else {
            throw e;
        }
    }
    assertTrue(caughtException);
}
Also used : DynamicGroup(com.zimbra.cs.account.DynamicGroup) ServiceException(com.zimbra.common.service.ServiceException)

Aggregations

DynamicGroup (com.zimbra.cs.account.DynamicGroup)24 LdapDynamicGroup (com.zimbra.cs.account.ldap.entry.LdapDynamicGroup)10 ServiceException (com.zimbra.common.service.ServiceException)9 Account (com.zimbra.cs.account.Account)9 DistributionList (com.zimbra.cs.account.DistributionList)9 Group (com.zimbra.cs.account.Group)7 Test (org.junit.Test)7 Domain (com.zimbra.cs.account.Domain)6 NamedEntry (com.zimbra.cs.account.NamedEntry)6 LdapDomain (com.zimbra.cs.account.ldap.entry.LdapDomain)5 HashMap (java.util.HashMap)5 Entry (com.zimbra.cs.account.Entry)4 GuestAccount (com.zimbra.cs.account.GuestAccount)3 SearchDirectoryOptions (com.zimbra.cs.account.SearchDirectoryOptions)3 ProvTest (com.zimbra.qa.unittest.prov.ProvTest)3 Element (com.zimbra.common.soap.Element)2 Provisioning (com.zimbra.cs.account.Provisioning)2 Names (com.zimbra.qa.unittest.prov.Names)2 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)2 HashSet (java.util.HashSet)2