
Example 6 with MailTarget

use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.

the class TestLdapProvRenameDomain method namedEntryListToNameSet.

/**
 * Collects the names of the given entries into a set.
 *
 * <p>An entry that is a {@link MailTarget} contributes {@code getUnicodeName()} when
 * {@code unicodeOrACE} is {@code UnicodeOrACE.UNICODE}; in every other case the entry
 * contributes {@code getName()}. Because the result is a {@link HashSet}, entries that
 * yield the same name collapse into one element.
 *
 * @param entries      entries whose names are collected
 * @param unicodeOrACE which name form to prefer for mail targets
 * @return a new mutable set holding one name per distinct entry name
 */
Set<String> namedEntryListToNameSet(List<NamedEntry> entries, UnicodeOrACE unicodeOrACE) {
    Set<String> collected = new HashSet<String>();
    for (NamedEntry current : entries) {
        // Only mail targets carry a separate Unicode form of the name.
        boolean useUnicodeForm = (current instanceof MailTarget) && (unicodeOrACE == UnicodeOrACE.UNICODE);
        collected.add(useUnicodeForm ? ((MailTarget) current).getUnicodeName() : current.getName());
    }
    return collected;
}
Also used : NamedEntry(com.zimbra.cs.account.NamedEntry) MailTarget(com.zimbra.cs.account.MailTarget) HashSet(java.util.HashSet)

Example 7 with MailTarget

use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.

the class CheckRight method handle.

/**
 * Answers a CheckRight request: reports whether a grantee holds a right on a target.
 *
 * <p>The target, grantee, right and optional attrs are read from the request. Only the
 * grantee types {@code GT_USER} and {@code GT_EMAIL} are accepted. When the grantee value
 * differs from the account id of the auth token, {@code checkCheckRightRight} is invoked
 * first so that the caller must itself be allowed to check rights for that grantee.
 *
 * @param request the SOAP request element
 * @param context the SOAP engine context
 * @return the response element carrying the allow flag and, when available, the grant
 *         through which the decision was reached
 * @throws ServiceException with INVALID_REQUEST for an unsupported grantee type, or
 *         whatever the parsing, lookup and right-checking calls raise
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext soapCtxt = getZimbraSoapContext(context);

    // Target: the by/value pair is read only for target types that need an identity.
    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String targetValue = null;
    if (TargetType.fromCode(targetType).needsTargetIdentity()) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        targetValue = targetElem.getText();
    }

    // Grantee: the type attribute is read with the GT_EMAIL code as its second argument.
    Element granteeElem = request.getElement(AdminConstants.E_GRANTEE);
    String granteeTypeCode = granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_EMAIL.getCode());
    GranteeType granteeType = GranteeType.fromCode(granteeTypeCode);
    boolean supportedGranteeType = (granteeType == GranteeType.GT_USER) || (granteeType == GranteeType.GT_EMAIL);
    if (!supportedGranteeType) {
        throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
    }
    GranteeBy granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
    String granteeValue = granteeElem.getText();

    Element rightElem = request.getElement(AdminConstants.E_RIGHT);
    String rightName = rightElem.getText();

    Element attrsElem = request.getOptionalElement(AdminConstants.E_ATTRS);
    Map<String, Object> attrs = null;
    if (attrsElem != null) {
        attrs = AdminService.getAttrs(request);
    }

    // A lookup result that is not a MailTarget is replaced by a GuestAccount built from the raw value.
    NamedEntry lookedUp = GranteeType.lookupGrantee(Provisioning.getInstance(), granteeType, granteeBy, granteeValue);
    MailTarget grantee = (lookedUp instanceof MailTarget) ? (MailTarget) lookedUp : new GuestAccount(granteeValue, null);

    // Authorization gate: the authenticated account must hold the right to check rights for
    // this grantee, unless the grantee value is the auth token's own account id.
    // NOTE(review): the comparison is on the raw grantee string and does not look at granteeBy,
    // so a by-name self check still goes through the gate - confirm that is the intent.
    boolean sameAsAuthAccountId = granteeValue.equals(soapCtxt.getAuthtokenAccountId());
    if (!sameAsAuthAccountId) {
        GranteeType gateGranteeType = (grantee instanceof Account) ? GranteeType.GT_USER : GranteeType.GT_GROUP;
        checkCheckRightRight(soapCtxt, gateGranteeType, granteeBy, granteeValue, true);
    }

    ViaGrant viaGrant = new ViaGrant();
    boolean allowed = RightCommand.checkRight(Provisioning.getInstance(), targetType, targetBy, targetValue, grantee, rightName, attrs, viaGrant);

    Element response = soapCtxt.createElement(AdminConstants.CHECK_RIGHT_RESPONSE);
    response.addAttribute(AdminConstants.A_ALLOW, allowed);
    if (viaGrant.available()) {
        // Report the grant (target, grantee, right) that produced the decision.
        Element viaElem = response.addElement(AdminConstants.E_VIA);

        Element viaTargetElem = viaElem.addElement(AdminConstants.E_TARGET);
        viaTargetElem.addAttribute(AdminConstants.A_TYPE, viaGrant.getTargetType());
        viaTargetElem.setText(viaGrant.getTargetName());

        Element viaGranteeElem = viaElem.addElement(AdminConstants.E_GRANTEE);
        viaGranteeElem.addAttribute(AdminConstants.A_TYPE, viaGrant.getGranteeType());
        viaGranteeElem.setText(viaGrant.getGranteeName());

        Element viaRightElem = viaElem.addElement(AdminConstants.E_RIGHT);
        viaRightElem.addAttribute(AdminConstants.A_DENY, viaGrant.isNegativeGrant());
        viaRightElem.setText(viaGrant.getRight());
    }
    return response;
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) GuestAccount(com.zimbra.cs.account.GuestAccount) Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) MailTarget(com.zimbra.cs.account.MailTarget) NamedEntry(com.zimbra.cs.account.NamedEntry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant)

Example 8 with MailTarget

use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.

the class TestDistListACL method doCheckSentToDistListDomRight.

/**
 * Asserts that both the access manager and {@code RightCommand.checkRight} agree with
 * {@code expected} on whether {@code email} may send to the distribution list.
 *
 * <p>NOTE(review): {@code targetDl} is used only for the log line; the group lookup and the
 * right check both use the {@code listAddress} field - confirm they name the same list.
 *
 * @param targetDl    distribution list whose name and id are logged
 * @param email       address of the prospective sender
 * @param grantDomain domain named in the assertion messages
 * @param expected    whether the sendToDistList right is expected to be held
 * @throws ServiceException if a provisioning lookup or the right check fails
 */
private void doCheckSentToDistListDomRight(DistributionList targetDl, String email, String grantDomain, boolean expected) throws ServiceException {
    ZimbraLog.test.info("DL name %s ID %s", targetDl.getName(), targetDl.getId());
    Group dlGroup = prov.getGroupBasic(Key.DistributionListBy.name, listAddress);
    Assert.assertNotNull("Unable to find Group object for DL by name", dlGroup);

    AccessManager.ViaGrant viaGrant = new AccessManager.ViaGrant();
    NamedEntry lookedUp = GranteeType.lookupGrantee(prov, GranteeType.GT_EMAIL, GranteeBy.name, email);
    // The grantee stays null when the lookup yields nothing that is a MailTarget.
    MailTarget grantee = (lookedUp instanceof MailTarget) ? (MailTarget) lookedUp : null;

    // Arguments after prov: target type "dl", target-by, target, grantee, right, attrs (none), via.
    boolean hasRight = RightCommand.checkRight(prov, "dl", TargetBy.name, listAddress, grantee,
            RightConsts.RT_sendToDistList, null, viaGrant);

    if (!expected) {
        Assert.assertFalse(String.format("%s should NOT be able to send to DL (because not in domain %s)", email, grantDomain), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
        Assert.assertFalse(String.format("%s should NOT have right to send to DL (because not in domain %s)", email, grantDomain), hasRight);
        return;
    }
    Assert.assertTrue(String.format("%s should be able to send to DL (because in domain %s)", email, grantDomain), accessMgr.canDo(email, dlGroup, User.R_sendToDistList, false));
    Assert.assertTrue(String.format("%s should have right to send to DL (because in domain %s)", email, grantDomain), hasRight);
    ZimbraLog.test.info("Test for %s against dom %s Via=%s", email, grantDomain, viaGrant);
}
Also used : AccessManager(com.zimbra.cs.account.AccessManager) Group(com.zimbra.cs.account.Group) NamedEntry(com.zimbra.cs.account.NamedEntry) MailTarget(com.zimbra.cs.account.MailTarget)

Example 9 with MailTarget

use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.

the class FolderAction method handleFolder.

/**
 * Applies one folder action from the request to the requested mailbox.
 *
 * <p>The folder id is read from the action element, then {@code operation} selects the
 * branch: empty, refresh, import, free/busy, check/uncheck, set URL, revoke, grant,
 * revoke orphan grants, update, sync on/off, retention policy, ActiveSync on/off and web
 * offline sync days. Any other value is rejected with INVALID_REQUEST.
 *
 * <p>The grant branch decides the grantee id, grantee type and optional secret from the
 * request before calling {@code mbox.grantAccess}, and writes the resulting grantee id,
 * display name and (for key grants) access key into {@code result}.
 *
 * @param context   the SOAP engine context
 * @param request   the request element holding the action element
 * @param operation the operation name to dispatch on
 * @param result    element that receives the grantee attributes of a grant operation
 * @return the formatted id of the folder that was acted on
 * @throws ServiceException for an unknown operation, an invalid guest id, an attempt to
 *         move a folder between mailboxes, a non-positive destination folder id, or
 *         whatever the mailbox and provisioning calls raise
 */
private String handleFolder(Map<String, Object> context, Element request, String operation, Element result) throws ServiceException {
    Element action = request.getElement(MailConstants.E_ACTION);
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Mailbox mbox = getRequestedMailbox(zsc);
    OperationContext octxt = getOperationContext(zsc, context);
    ItemIdFormatter ifmt = new ItemIdFormatter(zsc);
    ItemId iid = new ItemId(action.getAttribute(MailConstants.A_ID), zsc);
    if (operation.equals(OP_EMPTY)) {
        // subfolders are emptied too unless the request says otherwise
        boolean subfolders = action.getAttributeBool(MailConstants.A_RECURSIVE, true);
        mbox.emptyFolder(octxt, iid.getId(), subfolders);
        // empty trash means also to purge all IMAP \Deleted messages
        if (iid.getId() == Mailbox.ID_FOLDER_TRASH)
            mbox.purgeImapDeleted(octxt);
    } else if (operation.equals(OP_REFRESH)) {
        mbox.synchronizeFolder(octxt, iid.getId());
    } else if (operation.equals(OP_IMPORT)) {
        // NOTE(review): the URL is taken from the request attribute and handed on unchanged; no
        // scheme or destination check is visible in this method. If importFeed fetches it from
        // the server side, confirm that the restriction is enforced there.
        String url = action.getAttribute(MailConstants.A_URL);
        mbox.importFeed(octxt, iid.getId(), url, false);
    } else if (operation.equals(OP_FREEBUSY)) {
        boolean fb = action.getAttributeBool(MailConstants.A_EXCLUDE_FREEBUSY, false);
        mbox.alterTag(octxt, iid.getId(), MailItem.Type.FOLDER, Flag.FlagInfo.EXCLUDE_FREEBUSY, fb, null);
        FreeBusyProvider.mailboxChanged(zsc.getRequestedAccountId());
    } else if (operation.equals(OP_CHECK) || operation.equals(OP_UNCHECK)) {
        // one branch for both: the flag is set for OP_CHECK and cleared for OP_UNCHECK
        mbox.alterTag(octxt, iid.getId(), MailItem.Type.FOLDER, Flag.FlagInfo.CHECKED, operation.equals(OP_CHECK), null);
    } else if (operation.equals(OP_SET_URL)) {
        // NOTE(review): as with OP_IMPORT, the request-supplied URL is stored and then
        // synchronized without any validation visible here - confirm it is checked downstream.
        String url = action.getAttribute(MailConstants.A_URL, "");
        mbox.setFolderUrl(octxt, iid.getId(), url);
        // an empty URL is stored but not synchronized
        if (!url.equals("")) {
            mbox.synchronizeFolder(octxt, iid.getId());
        }
        // the free/busy flag is touched only when the attribute was present in the request
        if (action.getAttribute(MailConstants.A_EXCLUDE_FREEBUSY, null) != null) {
            boolean fb = action.getAttributeBool(MailConstants.A_EXCLUDE_FREEBUSY, false);
            mbox.alterTag(octxt, iid.getId(), MailItem.Type.FOLDER, Flag.FlagInfo.EXCLUDE_FREEBUSY, fb, null);
        }
    } else if (operation.equals(OP_REVOKE)) {
        String zid = action.getAttribute(MailConstants.A_ZIMBRA_ID);
        mbox.revokeAccess(octxt, iid.getId(), zid);
    } else if (operation.equals(OP_GRANT)) {
        // Work out the grantee id (zid), grantee type (gtype) and optional secret, then grant.
        Element grant = action.getElement(MailConstants.E_GRANT);
        short rights = ACL.stringToRights(grant.getAttribute(MailConstants.A_RIGHTS));
        byte gtype = ACL.stringToType(grant.getAttribute(MailConstants.A_GRANT_TYPE));
        String zid = grant.getAttribute(MailConstants.A_ZIMBRA_ID, null);
        long expiry = grant.getAttributeLong(MailConstants.A_EXPIRY, 0);
        String secret = null;
        NamedEntry nentry = null;
        if (gtype == ACL.GRANTEE_AUTHUSER) {
            // fixed id; whatever zid the request carried is ignored
            zid = GuestAccount.GUID_AUTHUSER;
        } else if (gtype == ACL.GRANTEE_PUBLIC) {
            zid = GuestAccount.GUID_PUBLIC;
            // for public grants the requested expiry is passed through validateGrantExpiry together
            // with the account's maximum public share lifetime for this folder's default view
            expiry = validateGrantExpiry(grant.getAttribute(MailConstants.A_EXPIRY, null), AccountUtil.getMaxPublicShareLifetime(mbox.getAccount(), mbox.getFolderById(octxt, iid.getId()).getDefaultView()));
        } else if (gtype == ACL.GRANTEE_GUEST) {
            // guest grantees are identified by the display value, which must contain '@'
            zid = grant.getAttribute(MailConstants.A_DISPLAY);
            if (zid == null || zid.indexOf('@') < 0)
                throw ServiceException.INVALID_REQUEST("invalid guest id or password", null);
            // first make sure they didn't accidentally specify "guest" instead of "usr"
            boolean guestGrantee = true;
            try {
                nentry = lookupGranteeByName(zid, ACL.GRANTEE_USER, zsc);
                if (nentry instanceof MailTarget) {
                    // The grant is converted to an internal user/group grant only when the mailbox
                    // owner's domain allows sharing with the grantee's domain: cross-domain sharing
                    // enabled, same domain, or grantee domain listed as an internal sharing domain.
                    // NOTE(review): domain is dereferenced without a null check - confirm getDomain
                    // cannot return null for the mailbox account.
                    Domain domain = Provisioning.getInstance().getDomain(mbox.getAccount());
                    String granteeDomainName = ((MailTarget) nentry).getDomainName();
                    if (domain.isInternalSharingCrossDomainEnabled() || domain.getName().equals(granteeDomainName) || Sets.newHashSet(domain.getInternalSharingDomain()).contains(granteeDomainName)) {
                        guestGrantee = false;
                        zid = nentry.getId();
                        gtype = nentry instanceof Group ? ACL.GRANTEE_GROUP : ACL.GRANTEE_USER;
                    }
                }
            } catch (ServiceException e) {
                // this is the normal path, where lookupGranteeByName throws account.NO_SUCH_USER
                // NOTE(review): the catch is not limited to that code. Any ServiceException raised
                // in the try block, whichever call raised it, is discarded without logging and the
                // request continues as a guest grant. Consider checking e.getCode() and rethrowing
                // (or at least logging) anything other than the expected not-found case.
            }
            if (guestGrantee) {
                secret = grant.getAttribute(MailConstants.A_ARGS, null);
                // password is no longer required for external sharing
                if (secret == null) {
                    secret = grant.getAttribute(MailConstants.A_PASSWORD, null);
                }
            }
        } else if (gtype == ACL.GRANTEE_KEY) {
            zid = grant.getAttribute(MailConstants.A_DISPLAY);
            // unlike guest, we do not require the display name to be an email address
            // unlike guest, we do not fixup grantee type for key grantees if they specify an internal user
            // get the optional accesskey
            secret = grant.getAttribute(MailConstants.A_ACCESSKEY, null);
        } else if (zid != null) {
            // remaining grantee types with an explicit id: resolve by id
            nentry = lookupGranteeByZimbraId(zid, gtype);
        } else {
            // remaining grantee types without an id: resolve by display name
            try {
                nentry = lookupGranteeByName(grant.getAttribute(MailConstants.A_DISPLAY), gtype, zsc);
                zid = nentry.getId();
                // make sure they didn't accidentally specify "usr" instead of "grp"
                if (gtype == ACL.GRANTEE_USER && nentry instanceof Group) {
                    gtype = ACL.GRANTEE_GROUP;
                }
            } catch (ServiceException e) {
                if (AccountServiceException.NO_SUCH_ACCOUNT.equals(e.getCode())) {
                    // looks like the case of an internal user not provisioned yet
                    // we'll treat it as external sharing
                    // NOTE(review): this silently turns a failed lookup into a guest grant for
                    // whatever the display value was; unlike the explicit guest branch above, no
                    // '@' check is applied on this path and secret stays null.
                    gtype = ACL.GRANTEE_GUEST;
                    zid = grant.getAttribute(MailConstants.A_DISPLAY);
                } else {
                    throw e;
                }
            }
        }
        ACL.Grant g = mbox.grantAccess(octxt, iid.getId(), zid, gtype, rights, secret, expiry);
        // kinda hacky -- return the zimbra id and name of the grantee in the response
        result.addAttribute(MailConstants.A_ZIMBRA_ID, zid);
        if (nentry != null)
            result.addAttribute(MailConstants.A_DISPLAY, nentry.getName());
        else if (gtype == ACL.GRANTEE_GUEST || gtype == ACL.GRANTEE_KEY)
            result.addAttribute(MailConstants.A_DISPLAY, zid);
        // for key grants the grant's password value is returned to the caller as the access key,
        // so the response itself carries a credential
        if (gtype == ACL.GRANTEE_KEY)
            result.addAttribute(MailConstants.A_ACCESSKEY, g.getPassword());
    } else if (operation.equals(OP_REVOKEORPHANGRANTS)) {
        String zid = action.getAttribute(MailConstants.A_ZIMBRA_ID);
        byte gtype = ACL.stringToType(action.getAttribute(MailConstants.A_GRANT_TYPE));
        revokeOrphanGrants(octxt, mbox, iid, zid, gtype);
    } else if (operation.equals(OP_UPDATE)) {
        // duplicating code from ItemAction.java for now...
        String newName = action.getAttribute(MailConstants.A_NAME, null);
        String folderId = action.getAttribute(MailConstants.A_FOLDER, null);
        // "-1" stands in for "no destination folder given"
        ItemId iidFolder = new ItemId(folderId == null ? "-1" : folderId, zsc);
        // validate the destination before any change is applied
        if (!iidFolder.belongsTo(mbox)) {
            throw ServiceException.INVALID_REQUEST("cannot move folder between mailboxes", null);
        } else if (folderId != null && iidFolder.getId() <= 0) {
            throw MailServiceException.NO_SUCH_FOLDER(iidFolder.getId());
        }
        String flags = action.getAttribute(MailConstants.A_FLAGS, null);
        // -1 means "no color given" (see the color >= 0 test below); the long is narrowed to a
        // byte, so an out-of-range value wraps rather than being rejected here
        byte color = (byte) action.getAttributeLong(MailConstants.A_COLOR, -1);
        String view = action.getAttribute(MailConstants.A_DEFAULT_VIEW, null);
        Element eAcl = action.getOptionalElement(MailConstants.E_ACL);
        ACL acl = null;
        if (eAcl != null) {
            // parse against the requested view, or the folder's current default view if none given
            acl = parseACL(eAcl, view == null ? mbox.getFolderById(octxt, iid.getId()).getDefaultView() : MailItem.Type.of(view), mbox.getAccount());
        }
        // each change below is a separate mailbox call, applied only if its value was supplied
        if (color >= 0) {
            mbox.setColor(octxt, iid.getId(), MailItem.Type.FOLDER, color);
        }
        if (acl != null) {
            // replaces the folder's permissions with the ACL parsed from the request
            mbox.setPermissions(octxt, iid.getId(), acl);
        }
        if (flags != null) {
            mbox.setTags(octxt, iid.getId(), MailItem.Type.FOLDER, Flag.toBitmask(flags), null, null);
        }
        if (view != null) {
            mbox.setFolderDefaultView(octxt, iid.getId(), MailItem.Type.of(view));
        }
        // rename (passing the destination id along) or, with no new name, a plain move
        if (newName != null) {
            mbox.rename(octxt, iid.getId(), MailItem.Type.FOLDER, newName, iidFolder.getId());
        } else if (iidFolder.getId() > 0) {
            mbox.move(octxt, iid.getId(), MailItem.Type.FOLDER, iidFolder.getId(), null);
        }
    } else if (operation.equals(OP_SYNCON) || operation.equals(OP_SYNCOFF)) {
        mbox.alterTag(octxt, iid.getId(), MailItem.Type.FOLDER, Flag.FlagInfo.SYNC, operation.equals(OP_SYNCON), null);
    } else if (operation.equals(OP_RETENTIONPOLICY)) {
        mbox.setRetentionPolicy(octxt, iid.getId(), MailItem.Type.FOLDER, new RetentionPolicy(action.getElement(MailConstants.E_RETENTION_POLICY)));
    } else if (operation.equals(OP_DISABLE_ACTIVESYNC) || operation.equals(OP_ENABLE_ACTIVESYNC)) {
        mbox.setActiveSyncDisabled(octxt, iid.getId(), operation.equals(OP_DISABLE_ACTIVESYNC));
    } else if (operation.equals(OP_WEBOFFLINESYNCDAYS)) {
        mbox.setFolderWebOfflineSyncDays(octxt, iid.getId(), action.getAttributeInt(MailConstants.A_NUM_DAYS));
    } else {
        throw ServiceException.INVALID_REQUEST("unknown operation: " + operation, null);
    }
    return ifmt.formatItemId(iid);
}
Also used : OperationContext(com.zimbra.cs.mailbox.OperationContext) Group(com.zimbra.cs.account.Group) ItemIdFormatter(com.zimbra.cs.service.util.ItemIdFormatter) Element(com.zimbra.common.soap.Element) ACL(com.zimbra.cs.mailbox.ACL) MailTarget(com.zimbra.cs.account.MailTarget) ItemId(com.zimbra.cs.service.util.ItemId) RetentionPolicy(com.zimbra.soap.mail.type.RetentionPolicy) NamedEntry(com.zimbra.cs.account.NamedEntry) Mailbox(com.zimbra.cs.mailbox.Mailbox) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Domain(com.zimbra.cs.account.Domain)

Example 10 with MailTarget

use of com.zimbra.cs.account.MailTarget in project zm-mailbox by Zimbra.

the class SendShareNotification method validateRequest.

/**
 * Builds the share info for every recipient named in a share-notification request.
 *
 * <p>If the request carries a share element, that single recipient is validated by
 * {@code validateShareRecipient} and returned on its own. Otherwise each e-mail address in
 * the request is resolved to a grantee. A grantee that resolves to a {@link MailTarget} is
 * treated as internal only when the sharing account's domain permits sharing with the
 * grantee's domain; a grantee outside those domains, or one whose lookup fails with
 * NO_SUCH_GRANTEE, is recorded as a guest whose id is its e-mail address.
 *
 * @param zsc     the SOAP context of the request
 * @param context the SOAP engine context
 * @param octxt   the operation context used for mailbox access
 * @param mbox    the mailbox holding the shared item
 * @param request the request element
 * @return one {@link ShareInfoData} per recipient
 * @throws ServiceException for any lookup failure other than NO_SUCH_GRANTEE, or whatever
 *         the mailbox and provisioning calls raise
 */
private Collection<ShareInfoData> validateRequest(ZimbraSoapContext zsc, Map<String, Object> context, OperationContext octxt, Mailbox mbox, Element request) throws ServiceException {
    Element shareElem = request.getOptionalElement(MailConstants.E_SHARE);
    if (shareElem != null) {
        return Arrays.asList(validateShareRecipient(zsc, context, octxt, mbox, shareElem));
    }

    String requestedAction = request.getAttribute(MailConstants.A_ACTION, null);
    ArrayList<ShareInfoData> collected = new ArrayList<ShareInfoData>();
    SendShareNotificationRequest jaxbRequest = JaxbUtil.elementToJaxb(request);
    ItemId itemId = new ItemId(jaxbRequest.getItem().getId(), zsc);
    MailItem sharedItem = mbox.getItemById(octxt, itemId.getId(), MailItem.Type.UNKNOWN);
    Provisioning prov = Provisioning.getInstance();

    // For a mountpoint the domain policy of the mountpoint's owner applies, not the requester's.
    // NOTE(review): the result of prov.get(...) is used below without a null check - confirm
    // the owner account always resolves.
    Account sharingAccount = getRequestedAccount(zsc);
    if (sharedItem instanceof Mountpoint) {
        sharingAccount = prov.get(AccountBy.id, ((Mountpoint) sharedItem).getOwnerId());
    }

    for (EmailAddrInfo recipient : jaxbRequest.getEmailAddresses()) {
        // add the non-existing grantee as type GRANTEE_GUEST for share notification.
        // for revoke notifications return the non-existing grantees only
        String granteeEmail = recipient.getAddress();
        byte granteeType = ACL.GRANTEE_USER;
        String granteeId = null;
        String granteeDisplayName = null;
        boolean treatAsGuest = false;
        try {
            Pair<NamedEntry, String> lookup = getGrantee(zsc, granteeType, granteeId, granteeEmail);
            NamedEntry entry = lookup.getFirst();
            if (entry instanceof MailTarget) {
                Domain sharingDomain = prov.getDomain(sharingAccount);
                String granteeDomainName = ((MailTarget) entry).getDomainName();
                // Internal sharing is allowed across all domains, within the same domain, or
                // with a domain listed as an internal sharing domain.
                boolean internalSharingAllowed = sharingDomain.isInternalSharingCrossDomainEnabled()
                        || sharingDomain.getName().equals(granteeDomainName)
                        || Sets.newHashSet(sharingDomain.getInternalSharingDomain()).contains(granteeDomainName);
                if (!internalSharingAllowed) {
                    treatAsGuest = true;
                } else {
                    if (entry instanceof Group) {
                        granteeType = ACL.GRANTEE_GROUP;
                    }
                    granteeId = entry.getId();
                    granteeDisplayName = lookup.getSecond();
                }
            }
        } catch (ServiceException e) {
            // Only an unknown grantee is downgraded to a guest; every other failure propagates.
            if (!e.getCode().equals(MailServiceException.NO_SUCH_GRANTEE)) {
                throw e;
            }
            treatAsGuest = true;
        }
        if (treatAsGuest) {
            granteeType = ACL.GRANTEE_GUEST;
            // if guest, granteeId is the same as granteeEmail
            granteeId = granteeEmail;
        }
        collected.add(getShareInfoData(zsc, context, sharingAccount, octxt, granteeType, granteeEmail, granteeId, granteeDisplayName, sharedItem, REVOKE.equals(requestedAction)));
    }
    return collected;
}
Also used : Account(com.zimbra.cs.account.Account) Group(com.zimbra.cs.account.Group) Element(com.zimbra.common.soap.Element) ShareInfoData(com.zimbra.cs.account.ShareInfoData) ArrayList(java.util.ArrayList) MailTarget(com.zimbra.cs.account.MailTarget) ItemId(com.zimbra.cs.service.util.ItemId) Provisioning(com.zimbra.cs.account.Provisioning) NamedEntry(com.zimbra.cs.account.NamedEntry) MailItem(com.zimbra.cs.mailbox.MailItem) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) EmailAddrInfo(com.zimbra.soap.mail.type.EmailAddrInfo) SendShareNotificationRequest(com.zimbra.soap.mail.message.SendShareNotificationRequest) Domain(com.zimbra.cs.account.Domain) Mountpoint(com.zimbra.cs.mailbox.Mountpoint)

Aggregations

MailTarget (com.zimbra.cs.account.MailTarget)11 NamedEntry (com.zimbra.cs.account.NamedEntry)8 Group (com.zimbra.cs.account.Group)6 AccessManager (com.zimbra.cs.account.AccessManager)4 Account (com.zimbra.cs.account.Account)4 ServiceException (com.zimbra.common.service.ServiceException)3 Element (com.zimbra.common.soap.Element)3 Domain (com.zimbra.cs.account.Domain)3 ZProperty (com.zimbra.common.calendar.ZCalendar.ZProperty)2 ZVCalendar (com.zimbra.common.calendar.ZCalendar.ZVCalendar)2 GuestAccount (com.zimbra.cs.account.GuestAccount)2 MailServiceException (com.zimbra.cs.mailbox.MailServiceException)2 ItemId (com.zimbra.cs.service.util.ItemId)2 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)2 ICalTimeZone (com.zimbra.common.calendar.ICalTimeZone)1 ParsedDateTime (com.zimbra.common.calendar.ParsedDateTime)1 ZComponent (com.zimbra.common.calendar.ZCalendar.ZComponent)1 ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)1 AccountServiceException (com.zimbra.cs.account.AccountServiceException)1 DistributionList (com.zimbra.cs.account.DistributionList)1