use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.
the class ACLAccessManager method domainAdminAllowedToChangeUserRight.
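/**
 * Bug 88604: decides whether a delegated admin may assign a user right without holding that
 * right themselves.
 *
 * <p>The shortcut is taken only when all of the following hold:
 * <ul>
 *   <li>the request is made {@code asAdmin} and {@code rightNeeded} is a user right;</li>
 *   <li>{@code grantee} is an {@link Account} and {@code target} is a {@link MailTarget};</li>
 *   <li>{@code AccessControlUtil.isDelegatedAdmin} accepts that account;</li>
 *   <li>the target's domain resolves and {@code checkDomainStatus} does not throw;</li>
 *   <li>{@code canSetAttrs} allows the account to set {@code zimbraACE} on the target.</li>
 * </ul>
 * Every other outcome, including a {@link ServiceException} from any of the lookups or checks,
 * yields {@code false}, so a failure here never widens access.
 *
 * <p>NOTE(review): the parameter is named {@code grantee} but is treated below as the
 * authenticated account performing the change; confirm against the callers.
 *
 * @param grantee     entry whose permission to change the right is being evaluated
 * @param asAdmin     whether the operation is performed with admin privileges
 * @param target      entry on which the right would be changed
 * @param rightNeeded right the caller wants to assign
 * @return {@code true} only when every condition above is satisfied
 */
private boolean domainAdminAllowedToChangeUserRight(MailTarget grantee, boolean asAdmin, Entry target, Right rightNeeded) {
    if (!asAdmin || !rightNeeded.isUserRight() || !(grantee instanceof Account) || !(target instanceof MailTarget)) {
        return false;
    }
    Account authedAcct = (Account) grantee;
    MailTarget mailTarget = (MailTarget) target;
    if (!AccessControlUtil.isDelegatedAdmin(authedAcct, asAdmin)) {
        return false;
    }
    try {
        Domain domain = Provisioning.getInstance().getDomain(mailTarget);
        if (domain == null) {
            return false;
        }
        // Presumably throws ServiceException when the domain is not in a usable state;
        // verify against checkDomainStatus.
        checkDomainStatus(domain);
        // The decision is delegated to the attribute-level check: may this account write
        // zimbraACE on the target? The right's name is supplied as the attribute value.
        // NOTE(review): whether canSetAttrs constrains the value (and not only the attribute
        // name) is not visible from this method.
        Map<String, Object> attrsNeeded = Maps.newHashMap();
        attrsNeeded.put(Provisioning.A_zimbraACE, rightNeeded.getName());
        if (canSetAttrs(authedAcct, target, attrsNeeded, asAdmin)) {
            ZimbraLog.acl.debug("Right [%s] ALLOWED to '%s' for target '%s' because '%s' is allowed to set '%s' for '%s'", rightNeeded.getName(), authedAcct.getName(), mailTarget.getName(), authedAcct.getName(), Provisioning.A_zimbraACE, mailTarget.getName());
            return true;
        }
    } catch (ServiceException e) {
        // Still a denial, but leave a trace: a silently dropped exception makes an unexpected
        // refusal of this delegated-admin path impossible to diagnose from the ACL log.
        ZimbraLog.acl.debug("Right [%s] not allowed to '%s' for target '%s' via the '%s' check: %s", rightNeeded.getName(), authedAcct.getName(), mailTarget.getName(), Provisioning.A_zimbraACE, e);
        return false;
    }
    return false;
}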
use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.
the class TestCalDav method testCreateModifyDeleteAttendeeModifyAndCancel.
/**
 * Checks that modification and cancel iTip messages still reach the remaining attendees after
 * some attendees cease to exist, including one reached only through a distribution list.
 *
 * <p>Flow: PUT a meeting, PUT a second revision, remove two accounts, PUT a third revision,
 * then DELETE the meeting; after each step the surviving attendee's scheduling inbox is polled
 * for a message carrying the meeting UID.
 */
@Test
public void testCreateModifyDeleteAttendeeModifyAndCancel() throws ServiceException, IOException {
// dav1 creates and owns the calendar item; dav2 and dav3 are added as attendees directly.
Account dav1 = users[1].create();
Account dav2 = users[2].create();
Account dav3 = users[3].create();
// dav4 is never added to the attendee list itself, only as a member of the DL below.
Account dav4 = users[4].create();
DistributionList dl = TestUtil.createDistributionList(DL1);
String[] members = { dav4.getName() };
prov.addMembers(dl, members);
List<MailTarget> attendees = Lists.newArrayList();
attendees.add(dav1);
attendees.add(dav2);
attendees.add(dav3);
attendees.add(dl);
// First revision. NOTE(review): the meaning of the trailing "1" and 8 arguments is defined by
// simpleMeeting, which is not visible here.
ZVCalendar vCal = simpleMeeting(dav1, attendees, "1", 8);
ZProperty uidProp = vCal.getComponent(ICalTok.VEVENT).getProperty(ICalTok.UID);
String uid = uidProp.getValue();
String davBaseName = uid + ".ics";
String url = String.format("%s%s", getFolderUrl(dav1, "Calendar"), davBaseName);
doIcalPut(url, dav1, zvcalendarToBytes(vCal), HttpStatus.SC_CREATED);
// Each scheduling message is deleted once seen, so the next wait for the same UID cannot be
// satisfied by a stale message.
String inboxhref = TestCalDav.waitForNewSchedulingRequestByUID(dav2, uid);
assertTrue("Found meeting request for newly created item", inboxhref.contains(uid));
doDeleteMethod(getLocalServerRoot().append(inboxhref).toString(), dav2, HttpStatus.SC_NO_CONTENT);
// attendee via DL
inboxhref = TestCalDav.waitForNewSchedulingRequestByUID(dav4, uid);
assertTrue("Found meeting request for newly created item", inboxhref.contains(uid));
doDeleteMethod(getLocalServerRoot().append(inboxhref).toString(), dav4, HttpStatus.SC_NO_CONTENT);
// Second revision, reusing the UID of the first and PUT to the same URL.
// NOTE(review): the assertion messages from here on still say "newly created item" although
// the messages being waited for follow a modification or, later, the cancel.
vCal = simpleMeeting(dav1, attendees, uid, "2", 9);
doIcalPut(url, dav1, zvcalendarToBytes(vCal), HttpStatus.SC_CREATED);
inboxhref = TestCalDav.waitForNewSchedulingRequestByUID(dav2, uid);
assertTrue("Found meeting request for newly created item", inboxhref.contains(uid));
doDeleteMethod(getLocalServerRoot().append(inboxhref).toString(), dav2, HttpStatus.SC_NO_CONTENT);
// attendee via DL
inboxhref = TestCalDav.waitForNewSchedulingRequestByUID(dav4, uid);
assertTrue("Found meeting request for newly created item", inboxhref.contains(uid));
doDeleteMethod(getLocalServerRoot().append(inboxhref).toString(), dav4, HttpStatus.SC_NO_CONTENT);
// Test that iTip handling still happens when some of the attendees no longer exist.
users[3].cleanup();
// attendee via DL
users[4].cleanup();
// Third revision: the attendee list still names dav3 and the DL, whose accounts were just
// cleaned up; only dav2 is checked for delivery from here on.
vCal = simpleMeeting(dav1, attendees, uid, "3", 10);
doIcalPut(url, dav1, zvcalendarToBytes(vCal), HttpStatus.SC_CREATED);
inboxhref = TestCalDav.waitForNewSchedulingRequestByUID(dav2, uid);
assertTrue("Found meeting request for newly created item", inboxhref.contains(uid));
doDeleteMethod(getLocalServerRoot().append(inboxhref).toString(), dav2, HttpStatus.SC_NO_CONTENT);
// The item is expected to be retrievable from dav2's own Calendar folder at this point.
String dav2Url = String.format("%s%s", getFolderUrl(dav2, "Calendar"), davBaseName);
doGetMethod(dav2Url, dav2, HttpStatus.SC_OK);
// Cancel meeting by deleting it
doDeleteMethod(url, dav1, HttpStatus.SC_NO_CONTENT);
inboxhref = TestCalDav.waitForNewSchedulingRequestByUID(dav2, uid);
assertTrue("Found meeting request for newly created item", inboxhref.contains(uid));
doDeleteMethod(getLocalServerRoot().append(inboxhref).toString(), dav2, HttpStatus.SC_NO_CONTENT);
// The associated calendar item should have been deleted as a result of the Cancel
doGetMethod(dav2Url, dav2, HttpStatus.SC_NOT_FOUND);
}
use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.
the class TestDistListACL method doCheckSentToDistListEmailRight.
/**
 * Asserts that {@code email} does, or does not, hold the sendToDistList right on the list named
 * by {@code listAddress}, resolving the grantee as a {@code GT_EMAIL} grantee.
 *
 * <p>Two paths are checked and must agree with {@code expected}: {@code accessMgr.canDo} and
 * {@code RightCommand.checkRight}.
 *
 * <p>NOTE(review): {@code targetDl} is only logged; the lookups use {@code listAddress}.
 *
 * @param targetDl   distribution list whose name and id are logged
 * @param email      address whose access is being checked
 * @param grantEmail address the right was granted to; used only in assertion and log messages
 * @param expected   whether {@code email} is expected to hold the right
 */
private void doCheckSentToDistListEmailRight(DistributionList targetDl, String email, String grantEmail, boolean expected) throws ServiceException {
    ZimbraLog.test.info("DL name %s ID %s", targetDl.getName(), targetDl.getId());
    Group dlGroup = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
    Assert.assertNotNull("Unable to find Group object for DL by name", dlGroup);
    AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
    NamedEntry lookedUp = GranteeType.lookupGrantee(prov, GranteeType.GT_EMAIL, GranteeBy.name, email);
    // NOTE(review): a lookup result that is not a MailTarget leaves the grantee null; confirm
    // that checkRight's handling of a null grantee is what the negative cases mean to exercise.
    MailTarget grantee = (lookedUp instanceof MailTarget) ? (MailTarget) lookedUp : null;
    boolean hasRight = RightCommand.checkRight(
            prov,
            "dl", /* targetType */
            TargetBy.name,
            listAddress,
            grantee,
            RightConsts.RT_sendToDistList,
            null, /* attrs */
            viaGrant);
    if (!expected) {
        Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not email %s)", email, grantEmail), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
        Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not email %s)", email, grantEmail), hasRight);
        return;
    }
    Assert.assertTrue(String.format("%s should be able to send to DL (using email %s)", email, grantEmail), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
    Assert.assertTrue(String.format("%s should have right to send to DL (using email %s)", email, grantEmail), hasRight);
    ZimbraLog.test.info("Test for %s against dom %s Via=%s", email, grantEmail, viaGrant);
}
use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.
the class TestDistListACL method doCheckSentToDistListGuestRight.
/**
 * Asserts that {@code email} does, or does not, hold the sendToDistList right on the list named
 * by {@code listAddress}, resolving the grantee as a {@code GT_GUEST} grantee.
 *
 * <p>Two paths are checked and must agree with {@code expected}: {@code accessMgr.canDo} and
 * {@code RightCommand.checkRight}.
 *
 * <p>NOTE(review): {@code targetDl} is only logged; the lookups use {@code listAddress}.
 *
 * @param targetDl distribution list whose name and id are logged
 * @param email    address whose access is being checked
 * @param guest    guest the right was granted to; used only in assertion and log messages
 * @param expected whether {@code email} is expected to hold the right
 */
private void doCheckSentToDistListGuestRight(DistributionList targetDl, String email, String guest, boolean expected) throws ServiceException {
    ZimbraLog.test.info("DL name %s ID %s", targetDl.getName(), targetDl.getId());
    Group dlGroup = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
    Assert.assertNotNull("Unable to find Group object for DL by name", dlGroup);
    AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
    NamedEntry lookedUp = GranteeType.lookupGrantee(prov, GranteeType.GT_GUEST, GranteeBy.name, email);
    // NOTE(review): a lookup result that is not a MailTarget leaves the grantee null; confirm
    // that checkRight's handling of a null grantee is what the negative cases mean to exercise.
    MailTarget grantee = (lookedUp instanceof MailTarget) ? (MailTarget) lookedUp : null;
    boolean hasRight = RightCommand.checkRight(
            prov,
            "dl", /* targetType */
            TargetBy.name,
            listAddress,
            grantee,
            RightConsts.RT_sendToDistList,
            null, /* attrs */
            viaGrant);
    if (!expected) {
        Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not guest %s)", email, guest), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
        Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not guest %s)", email, guest), hasRight);
        return;
    }
    Assert.assertTrue(String.format("%s should be able to send to DL (as guest %s)", email, guest), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
    Assert.assertTrue(String.format("%s should have right to send to DL (as guest %s)", email, guest), hasRight);
    ZimbraLog.test.info("Test for %s against dom %s Via=%s", email, guest, viaGrant);
}
use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.
the class TestDistListACL method doCheckSentToDistListUserRight.
/**
 * Asserts that {@code email} does, or does not, hold the sendToDistList right on the list named
 * by {@code listAddress} when the right was granted to a user.
 *
 * <p>Two paths are checked and must agree with {@code expected}: {@code accessMgr.canDo} and
 * {@code RightCommand.checkRight}.
 *
 * <p>NOTE(review): {@code targetDl} is only logged; the lookups use {@code listAddress}.
 *
 * @param targetDl distribution list whose name and id are logged
 * @param email    address whose access is being checked
 * @param user     user the right was granted to; used only in assertion and log messages
 * @param expected whether {@code email} is expected to hold the right
 */
private void doCheckSentToDistListUserRight(DistributionList targetDl, String email, String user, boolean expected) throws ServiceException {
    ZimbraLog.test.info("DL name %s ID %s", targetDl.getName(), targetDl.getId());
    Group dlGroup = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
    Assert.assertNotNull("Unable to find Group object for DL by name", dlGroup);
    AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
    // The grantee is deliberately resolved as GT_EMAIL, which is more permissive than GT_USER,
    // so that the functions called further down are the thing under test.
    NamedEntry lookedUp = GranteeType.lookupGrantee(prov, GranteeType.GT_EMAIL, GranteeBy.name, email);
    // NOTE(review): a lookup result that is not a MailTarget leaves the grantee null; confirm
    // that checkRight's handling of a null grantee is what the negative cases mean to exercise.
    MailTarget grantee = (lookedUp instanceof MailTarget) ? (MailTarget) lookedUp : null;
    boolean hasRight = RightCommand.checkRight(
            prov,
            "dl", /* targetType */
            TargetBy.name,
            listAddress,
            grantee,
            RightConsts.RT_sendToDistList,
            null, /* attrs */
            viaGrant);
    if (!expected) {
        Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not user %s)", email, user), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
        Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not user %s)", email, user), hasRight);
        return;
    }
    Assert.assertTrue(String.format("%s should be able to send to DL (as user %s)", email, user), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
    Assert.assertTrue(String.format("%s should have right to send to DL (as user %s)", email, user), hasRight);
    ZimbraLog.test.info("Test for %s against dom %s Via=%s", email, user, viaGrant);
}