
Example 61 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class Verify method verifyEntries.

/**
 * Checks that the id of every element of {@code entries} also occurs in {@code list}.
 *
 * <p>With {@code checkCount} set, the two collections must also have the same size and
 * no id taken from {@code list} may be left unmatched. When an assertion fails, the names
 * in both collections are printed to standard output and the error is rethrown.
 *
 * @param list       the collection being checked
 * @param entries    the entries that must all be present in {@code list}
 * @param checkCount whether the sizes must match as well
 * @throws Exception declared for callers; the visible body itself only rethrows AssertionError
 */
public static void verifyEntries(List<NamedEntry> list, NamedEntry[] entries, boolean checkCount) throws Exception {
    try {
        // NOTE(review): if these are JUnit assertions, the convention is (expected, actual);
        // the arguments here are in the opposite order, which only affects the failure message.
        if (checkCount) {
            assertEquals(list.size(), entries.length);
        }

        Set<String> unmatchedIds = new HashSet<String>();
        for (NamedEntry listed : list) {
            unmatchedIds.add(listed.getId());
        }

        for (NamedEntry wanted : entries) {
            // remove() reports whether the id was present, so one call both checks and consumes it
            assertTrue(unmatchedIds.remove(wanted.getId()));
        }

        // with checkCount, every id from list must have been consumed by an element of entries
        if (checkCount) {
            assertEquals(unmatchedIds.size(), 0);
        }
    } catch (AssertionError failure) {
        // dump both sides so a failing run shows what was compared, then let the failure propagate
        System.out.println();
        System.out.println("===== verifyEntries failed =====");
        System.out.println("Message: " + failure.getMessage());
        System.out.println();
        System.out.println("list contains " + list.size() + " entries:");
        for (NamedEntry listed : list) {
            System.out.println("    " + listed.getName());
        }
        System.out.println();
        System.out.println("entries contains " + entries.length + " entries:");
        for (NamedEntry wanted : entries) {
            System.out.println("    " + wanted.getName());
        }
        System.out.println();
        throw failure;
    }
}
Also used : NamedEntry(com.zimbra.cs.account.NamedEntry) HashSet(java.util.HashSet)

Example 62 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class ProvTestUtil method deleteAllEntries.

/**
 * Deletes every entry tracked by this utility and empties the tracking collections.
 *
 * <p>The groups are processed in a fixed order: account subordinates, then the other
 * created entries, then domains. A collection is cleared only after all of its entries
 * were deleted; an exception from {@code deleteEntry} propagates immediately and leaves
 * the current and the remaining collections as they were.
 *
 * @throws Exception whatever {@code deleteEntry} raises
 */
public void deleteAllEntries() throws Exception {
    // NOTE(review): domains go last, presumably because they must be empty before deletion — confirm
    purgeTracked(createdAccountSubordinates);
    purgeTracked(createdEntries);
    purgeTracked(createdDomains);
}

/** Deletes each entry of one tracking collection, then clears that collection. */
private void purgeTracked(java.util.Collection<? extends NamedEntry> tracked) throws Exception {
    for (NamedEntry doomed : tracked) {
        deleteEntry(doomed);
    }
    tracked.clear();
}
Also used : NamedEntry(com.zimbra.cs.account.NamedEntry)

Example 63 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class RightCommand method getGrants.

/**
 * Collects the grants that match a target, a grantee, or both.
 *
 * <p>{@code verifyAccessManager()} is called first. At least one of {@code targetType} and
 * {@code granteeType} must be non-null. With a target, the ACL of that target is read and
 * filtered by the grantee when one was given. Without a target, all target types are
 * searched for grants made to the grantee.
 *
 * @param prov                               provisioning instance used for the lookups
 * @param targetType                         target type code, or null for "no specific target"
 * @param targetBy                           how {@code target} identifies the target
 * @param target                             target identifier
 * @param granteeType                        grantee type code, or null for "no specific grantee"
 * @param granteeBy                          how {@code grantee} identifies the grantee
 * @param grantee                            grantee identifier
 * @param granteeIncludeGroupsGranteeBelongs whether grants to the grantee's groups are included
 * @return the matching grants
 * @throws ServiceException INVALID_REQUEST when neither a target nor a grantee is given, or
 *                          whatever the lookups and the search raise
 */
public static Grants getGrants(Provisioning prov, String targetType, TargetBy targetBy, String target, String granteeType, GranteeBy granteeBy, String grantee, boolean granteeIncludeGroupsGranteeBelongs) throws ServiceException {
    // NOTE(review): nothing in this method checks who is asking for the grants; presumably the
    // caller authorizes the request before exposing the result — confirm.
    verifyAccessManager();

    if (targetType == null && granteeType == null) {
        throw ServiceException.INVALID_REQUEST("at least one of target or grantee must be specified", null);
    }

    // resolve the target, when one was requested
    TargetType resolvedTargetType = null;
    Entry targetEntry = null;
    if (targetType != null) {
        resolvedTargetType = TargetType.fromCode(targetType);
        targetEntry = TargetType.lookupTarget(prov, resolvedTargetType, targetBy, target);
    }

    // resolve the grantee and build the set of ids used to filter grants
    GranteeType resolvedGranteeType = null;
    NamedEntry granteeEntry = null;
    Set<String> granteeFilter = null;
    Boolean isGranteeAnAdmin = null;
    if (granteeType != null) {
        resolvedGranteeType = GranteeType.fromCode(granteeType);
        granteeEntry = GranteeType.lookupGrantee(prov, resolvedGranteeType, granteeBy, grantee);
        isGranteeAnAdmin = RightBearer.isValidGranteeForAdminRights(resolvedGranteeType, granteeEntry);
        if (!granteeIncludeGroupsGranteeBelongs) {
            // only the grantee itself
            granteeFilter = new HashSet<String>();
            granteeFilter.add(granteeEntry.getId());
        } else {
            // the grantee plus every group it belongs to
            Grantee withGroups = Grantee.getGrantee(granteeEntry, false);
            granteeFilter = withGroups.getIdAndGroupIds();
        }
    }

    Grants collected = new Grants();
    if (targetEntry != null) {
        // read the ACL from the target, then filter by grantee if one was specified
        ZimbraACL targetAcl = ACLUtil.getACL(targetEntry);
        collected.addGrants(resolvedTargetType, targetEntry, targetAcl, granteeFilter, isGranteeAnAdmin);
        return collected;
    }

    /*
     * No specific target: search for grants granted to the grantee (and optionally the groups
     * the grantee belongs to). The grantee is expected to have been specified on this path.
     *
     * NOTE(review): this path is also taken if lookupTarget returned null for a non-null
     * targetType, in which case granteeFilter may still be null. Confirm that lookupTarget
     * never returns null, or that SearchGrants handles a null filter safely.
     */
    Set<TargetType> everyTargetType = new HashSet<TargetType>(Arrays.asList(TargetType.values()));
    SearchGrants search = new SearchGrants(prov, everyTargetType, granteeFilter);
    for (GrantsOnTarget hit : search.doSearch().getResults()) {
        Entry hitEntry = hit.getTargetEntry();
        ZimbraACL hitAcl = hit.getAcl();
        collected.addGrants(TargetType.getTargetType(hitEntry), hitEntry, hitAcl, granteeFilter, isGranteeAnAdmin);
    }
    return collected;
}
Also used : GrantsOnTarget(com.zimbra.cs.account.accesscontrol.SearchGrants.GrantsOnTarget) NamedEntry(com.zimbra.cs.account.NamedEntry) Grantee(com.zimbra.cs.account.accesscontrol.RightBearer.Grantee) NamedEntry(com.zimbra.cs.account.NamedEntry) Entry(com.zimbra.cs.account.Entry) HashSet(java.util.HashSet)

Example 64 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class ImapHandler method doGETACL.

/**
 * Handles the IMAP GETACL command for one mailbox path.
 *
 * <p>The session must be in the AUTHENTICATED state and the requester must hold the admin
 * right on the folder. The untagged ACL response lists the folder owner with the full set
 * of rights, every user and group grantee that can be resolved to a named entry, and a
 * single "anyone" entry that combines the public and authenticated-user grants.
 *
 * <p>Every failure is answered with the same "GETACL failed" text; the specific reason is
 * written to the IMAP log only.
 *
 * @param tag  tag of the client command
 * @param path mailbox path whose ACL is requested
 * @return {@code true} on every path visible in this method
 * @throws IOException declared for callers; presumably raised by the send helpers
 */
boolean doGETACL(String tag, ImapPath path) throws IOException {
    if (!checkState(tag, State.AUTHENTICATED)) {
        return true;
    }

    StringBuilder response = new StringBuilder("ACL ").append(path.asUtf7String());
    try {
        // only a requester holding the admin right on the folder may read its ACL
        boolean mayAdminister = (path.getFolderRights() & ACL.RIGHT_ADMIN) != 0;
        if (!mayAdminister) {
            ZimbraLog.imap.info("GETACL failed: user does not have admin access: %s", path);
            sendNO(tag, "GETACL failed");
            return true;
        }

        // NOTE(review): names are placed between double quotes without escaping. Confirm that
        // account and group names cannot contain '"' or '\', or escape them before appending.

        // the target folder's owner always has full rights
        Account folderOwner = path.getOwnerAccount();
        if (folderOwner != null) {
            response.append(" \"").append(folderOwner.getName()).append("\" ").append(IMAP_CONCATENATED_RIGHTS);
        }

        // stays null until a public or authenticated-user grant is seen
        Short anyoneRights = null;
        Object folder = path.getFolder();
        if (folder instanceof Folder) {
            ACL effectiveAcl = ((Folder) folder).getEffectiveACL();
            if (effectiveAcl != null) {
                for (ACL.Grant grant : effectiveAcl.getGrants()) {
                    byte granteeKind = grant.getGranteeType();
                    short granted = grant.getGrantedRights();
                    if (granteeKind == ACL.GRANTEE_AUTHUSER || granteeKind == ACL.GRANTEE_PUBLIC) {
                        int soFar = (anyoneRights == null) ? 0 : anyoneRights;
                        anyoneRights = (short) (soFar | granted);
                        continue;
                    }
                    if (granteeKind != ACL.GRANTEE_USER && granteeKind != ACL.GRANTEE_GROUP) {
                        // other grantee types are not reported
                        continue;
                    }
                    NamedEntry named = FolderAction.lookupGranteeByZimbraId(grant.getGranteeId(), granteeKind);
                    if (named != null) {
                        response.append(" \"").append(named.getName()).append("\" ").append(exportRights(granted));
                    }
                }
            }
        } else {
            // anything that is not a Folder is treated as a ZFolder
            for (ZGrant remoteGrant : ((ZFolder) folder).getGrants()) {
                ZGrant.GranteeType remoteKind = remoteGrant.getGranteeType();
                short granted = ACL.stringToRights(remoteGrant.getPermissions());
                if (remoteKind == ZGrant.GranteeType.pub || remoteKind == ZGrant.GranteeType.all) {
                    int soFar = (anyoneRights == null) ? 0 : anyoneRights;
                    anyoneRights = (short) (soFar | granted);
                    continue;
                }
                if (remoteKind != ZGrant.GranteeType.usr && remoteKind != ZGrant.GranteeType.grp) {
                    continue;
                }
                byte granteeKind = (remoteKind == ZGrant.GranteeType.usr) ? ACL.GRANTEE_USER : ACL.GRANTEE_GROUP;
                NamedEntry named = FolderAction.lookupGranteeByZimbraId(remoteGrant.getGranteeId(), granteeKind);
                if (named != null) {
                    response.append(" \"").append(named.getName()).append("\" ").append(exportRights(granted));
                }
            }
        }

        // all "public" and "auth user" grants are reported as one "anyone" IMAP ACL entry
        if (anyoneRights != null) {
            response.append(" anyone ").append(exportRights(anyoneRights));
        }
    } catch (ServiceException failure) {
        // expected failures are logged at info level, anything else as a warning with the exception
        if (failure.getCode().equals(ServiceException.PERM_DENIED)) {
            ZimbraLog.imap.info("GETACL failed: permission denied on folder: %s", path);
        } else if (failure.getCode().equals(MailServiceException.NO_SUCH_FOLDER)) {
            ZimbraLog.imap.info("GETACL failed: no such folder: %s", path);
        } else {
            ZimbraLog.imap.warn("GETACL failed", failure);
        }
        sendNO(tag, "GETACL failed");
        return true;
    }

    sendUntagged(response.toString());
    sendNotifications(true, false);
    sendOK(tag, "GETACL completed");
    return true;
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) ACL(com.zimbra.cs.mailbox.ACL) SearchFolder(com.zimbra.cs.mailbox.SearchFolder) Folder(com.zimbra.cs.mailbox.Folder) ZFolder(com.zimbra.client.ZFolder) NamedEntry(com.zimbra.cs.account.NamedEntry) ZGrant(com.zimbra.client.ZGrant) AccountServiceException(com.zimbra.cs.account.AccountServiceException) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) ZFolder(com.zimbra.client.ZFolder)

Example 65 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class ExternalUserProvServlet method provisionVirtualAccountAndRedirect.

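/**
 * Creates the virtual account for an external user, mounts the shares that user was
 * granted, and redirects the request.
 *
 * <p>Steps: resolve the grantor and its domain, refuse if the mapped account name already
 * exists, search the domain for accounts that share items with the external address or
 * its groups, create the account and its mailbox, create one mountpoint per matching
 * share, enable the application features for the mounted view types, then set the cookie
 * and redirect.
 *
 * @param req          current request
 * @param resp         current response
 * @param displayName  display name for the new account; skipped when null or empty
 * @param password     initial password; passed to account creation as given
 * @param grantorId    id of the account that granted the share
 * @param extUserEmail e-mail address of the external user
 * @throws ServletException for invalid requests (unknown grantor, account already exists,
 *                          no shares found) and, as a wrapper, for any other failure
 */
private static void provisionVirtualAccountAndRedirect(HttpServletRequest req, HttpServletResponse resp, String displayName, String password, String grantorId, String extUserEmail) throws ServletException {
    // NOTE(review): grantorId and extUserEmail are not validated here; presumably the caller
    // takes them from a verified invitation token — confirm.
    Provisioning prov = Provisioning.getInstance();
    try {
        Account owner = prov.getAccountById(grantorId);
        if (owner == null) {
            // fail closed with a clear error instead of dereferencing a missing grantor below
            throw new ServletException("invalid request: grantor account not found");
        }
        Domain domain = prov.getDomain(owner);
        Account grantee = prov.getAccountByName(mapExtEmailToAcctName(extUserEmail, domain));
        if (grantee != null) {
            throw new ServletException("invalid request: account already exists");
        }
        // search all shares accessible to the external user
        SearchAccountsOptions searchOpts = new SearchAccountsOptions(domain, new String[] { Provisioning.A_zimbraId, Provisioning.A_displayName, Provisioning.A_zimbraSharedItem });
        // get all groups extUserEmail belongs to
        GuestAccount guestAcct = new GuestAccount(extUserEmail, null);
        List<String> groupIds = prov.getGroupMembership(guestAcct, false).groupIds();
        List<String> grantees = Lists.newArrayList(extUserEmail);
        grantees.addAll(groupIds);
        searchOpts.setFilter(ZLdapFilterFactory.getInstance().accountsByGrants(grantees, false, false));
        List<NamedEntry> accounts = prov.searchDirectory(searchOpts);
        if (accounts.isEmpty()) {
            // no account is created for an address that nothing has been shared with
            throw new ServletException("no shares discovered");
        }
        // create external account: hidden from the GAL, mail delivery disabled
        Map<String, Object> attrs = new HashMap<String, Object>();
        attrs.put(Provisioning.A_zimbraIsExternalVirtualAccount, ProvisioningConstants.TRUE);
        attrs.put(Provisioning.A_zimbraExternalUserMailAddress, extUserEmail);
        attrs.put(Provisioning.A_zimbraMailHost, prov.getLocalServer().getServiceHostname());
        if (!StringUtil.isNullOrEmpty(displayName)) {
            attrs.put(Provisioning.A_displayName, displayName);
        }
        attrs.put(Provisioning.A_zimbraHideInGal, ProvisioningConstants.TRUE);
        attrs.put(Provisioning.A_zimbraMailStatus, Provisioning.MailStatus.disabled.toString());
        if (!StringUtil.isNullOrEmpty(password)) {
            attrs.put(Provisioning.A_zimbraVirtualAccountInitialPasswordSet, ProvisioningConstants.TRUE);
        }
        grantee = prov.createAccount(mapExtEmailToAcctName(extUserEmail, domain), password, attrs);
        // create external account mailbox
        Mailbox granteeMbox;
        try {
            granteeMbox = MailboxManager.getInstance().getMailboxByAccount(grantee);
        } catch (ServiceException e) {
            // mailbox creation failed; delete the account also so that it is a clean state before
            // the next attempt
            // NOTE(review): if deleteAccount throws, that exception replaces the original one
            prov.deleteAccount(grantee.getId());
            throw e;
        }
        // create mountpoints
        // NOTE(review): a failure from here on leaves the new account and mailbox in place;
        // only the mailbox-creation failure above is rolled back.
        Set<MailItem.Type> viewTypes = new HashSet<MailItem.Type>();
        for (NamedEntry ne : accounts) {
            Account account = (Account) ne;
            String[] sharedItems = account.getSharedItem();
            for (String sharedItem : sharedItems) {
                ShareInfoData shareData = AclPushSerializer.deserialize(sharedItem);
                // mount only the shares that were granted to this grantee
                if (!granteeMatchesShare(shareData, grantee)) {
                    continue;
                }
                String sharedFolderPath = shareData.getPath();
                String mountpointName = getMountpointName(account, grantee, sharedFolderPath);
                MailItem.Type viewType = shareData.getFolderDefaultViewCode();
                Mountpoint mtpt = granteeMbox.createMountpoint(null, getMptParentFolderId(viewType, prov), mountpointName, account.getId(), shareData.getItemId(), shareData.getItemUuid(), viewType, 0, MailItem.DEFAULT_COLOR, false);
                if (viewType == MailItem.Type.APPOINTMENT) {
                    // make sure that the mountpoint is checked in the UI by default
                    granteeMbox.alterTag(null, mtpt.getId(), mtpt.getType(), Flag.FlagInfo.CHECKED, true, null);
                }
                viewTypes.add(viewType);
            }
        }
        enableAppFeatures(grantee, viewTypes);
        setCookieAndRedirect(req, resp, grantee);
    } catch (ServletException e) {
        // already the declared type: rethrow unchanged so the "invalid request" messages
        // are not buried inside a second ServletException
        throw e;
    } catch (Exception e) {
        throw new ServletException(e);
    }
}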
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) SearchAccountsOptions(com.zimbra.cs.account.SearchAccountsOptions) GuestAccount(com.zimbra.cs.account.GuestAccount) HashMap(java.util.HashMap) ShareInfoData(com.zimbra.cs.account.ShareInfoData) Provisioning(com.zimbra.cs.account.Provisioning) ServletException(javax.servlet.ServletException) ServiceException(com.zimbra.common.service.ServiceException) IOException(java.io.IOException) AuthTokenException(com.zimbra.cs.account.AuthTokenException) ServletException(javax.servlet.ServletException) NamedEntry(com.zimbra.cs.account.NamedEntry) MailItem(com.zimbra.cs.mailbox.MailItem) Mailbox(com.zimbra.cs.mailbox.Mailbox) ZMailbox(com.zimbra.client.ZMailbox) ServiceException(com.zimbra.common.service.ServiceException) Domain(com.zimbra.cs.account.Domain) ZMountpoint(com.zimbra.client.ZMountpoint) Mountpoint(com.zimbra.cs.mailbox.Mountpoint) HashSet(java.util.HashSet)
