
Example 81 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class FolderAction method lookupGranteeByName.

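/**
 * Resolves the directory entry for a grantee that was specified by name.
 *
 * <p>Grantee types that have no directory entry (authuser, public, guest, key) resolve to
 * {@code null}. For user and group grantees given without a domain part, the domain of the
 * authenticated account is appended before the lookup.
 *
 * @param name the grantee name from the caller; may be {@code null}, in which case the
 *             not-found exception for {@code type} is thrown
 * @param type one of the {@code ACL.GRANTEE_*} constants
 * @param zsc  SOAP context used to locate the authenticated account
 * @return the matching entry, or {@code null} for grantee types without a directory entry
 * @throws ServiceException if no entry of the requested type exists for {@code name}, or if
 *         {@code type} is not one that can be looked up by name
 */
static NamedEntry lookupGranteeByName(String name, byte type, ZimbraSoapContext zsc) throws ServiceException {
    if (type == ACL.GRANTEE_AUTHUSER || type == ACL.GRANTEE_PUBLIC || type == ACL.GRANTEE_GUEST || type == ACL.GRANTEE_KEY) {
        return null;
    }
    Provisioning prov = Provisioning.getInstance();
    // for addresses, default to the authenticated user's domain; a null name is left alone
    // here and rejected by the not-found switch at the end
    if ((type == ACL.GRANTEE_USER || type == ACL.GRANTEE_GROUP) && name != null && name.indexOf('@') == -1) {
        Account authacct = prov.get(AccountBy.id, zsc.getAuthtokenAccountId(), zsc.getAuthToken());
        if (authacct != null) {
            String authname = authacct.getName();
            int at = (authname == null) ? -1 : authname.indexOf('@');
            // only append a domain when the authenticated account's name actually carries one
            if (at != -1) {
                name += authname.substring(at);
            }
        }
    }
    NamedEntry nentry = null;
    if (name != null) {
        switch (type) {
            case ACL.GRANTEE_COS:
                nentry = prov.get(Key.CosBy.name, name);
                break;
            case ACL.GRANTEE_DOMAIN:
                nentry = prov.get(Key.DomainBy.name, name);
                break;
            case ACL.GRANTEE_USER:
                // lookupEmailAddress falls back to a distribution list when no account matches
                nentry = lookupEmailAddress(name);
                break;
            case ACL.GRANTEE_GROUP:
                nentry = prov.getGroup(Key.DistributionListBy.name, name);
                break;
            default:
                // other types are reported as not found below
                break;
        }
    }
    if (nentry != null) {
        return nentry;
    }
    switch (type) {
        case ACL.GRANTEE_COS:
            throw AccountServiceException.NO_SUCH_COS(name);
        case ACL.GRANTEE_DOMAIN:
            throw AccountServiceException.NO_SUCH_DOMAIN(name);
        case ACL.GRANTEE_USER:
            throw AccountServiceException.NO_SUCH_ACCOUNT(name);
        case ACL.GRANTEE_GROUP:
            throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(name);
        default:
            throw ServiceException.FAILURE("LDAP entry not found for " + name + " : " + type, null);
    }
}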

Example 82 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class FolderAction method lookupEmailAddress.

/**
 * Resolves an e-mail address to its directory entry, preferring an account and falling
 * back to a distribution list.
 *
 * <p>An address in display-name form ({@code "Jane Doe <jane@example.com>"}) is reduced to
 * the bare address before the lookup.
 *
 * @param name the address to resolve; must not be {@code null}
 * @return the matching account, else the matching group, else {@code null}
 * @throws ServiceException if the directory lookup fails
 */
public static NamedEntry lookupEmailAddress(String name) throws ServiceException {
    String address = name;
    // strip a leading display name down to the addr-spec
    if (address.indexOf('<') > 0) {
        address = new InternetAddress(address).getAddress();
    }
    Provisioning prov = Provisioning.getInstance();
    NamedEntry entry = prov.get(AccountBy.name, address);
    return (entry != null) ? entry : prov.getGroup(Key.DistributionListBy.name, address);
}

Example 83 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class FolderAction method revokeOrphanGrants.

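/**
 * Revokes every grant held by {@code granteeId} in folder {@code iid} and its subfolders,
 * but only after confirming that the grantee no longer exists in the directory.
 *
 * @param octxt     operation context for the mailbox access
 * @param mbox      mailbox owning the folder tree
 * @param iid       root folder whose subtree is cleaned up
 * @param granteeId zimbraId of the grantee; presumably supplied by the SOAP request in the
 *                  calling handler (not shown here), so it is escaped before being placed in
 *                  the LDAP filter
 * @param gtype     grantee type; only user, group, cos and domain grantees can be checked
 * @throws ServiceException if {@code gtype} cannot be searched for, if the grantee still
 *         exists, or if the directory search or the mailbox operation fails
 */
private void revokeOrphanGrants(OperationContext octxt, Mailbox mbox, ItemId iid, String granteeId, byte gtype) throws ServiceException {
    // check if the grantee still exists
    SearchDirectoryOptions opts = new SearchDirectoryOptions();
    if (gtype == ACL.GRANTEE_USER) {
        opts.addType(SearchDirectoryOptions.ObjectType.accounts);
        opts.addType(SearchDirectoryOptions.ObjectType.resources);
    } else if (gtype == ACL.GRANTEE_GROUP) {
        opts.addType(SearchDirectoryOptions.ObjectType.distributionlists);
    } else if (gtype == ACL.GRANTEE_COS) {
        opts.addType(SearchDirectoryOptions.ObjectType.coses);
    } else if (gtype == ACL.GRANTEE_DOMAIN) {
        opts.addType(SearchDirectoryOptions.ObjectType.domains);
    } else {
        throw ServiceException.INVALID_REQUEST("invalid grantee type for revokeOrphanGrants", null);
    }
    // the id is an assertion value inside a filter; escape it so filter metacharacters
    // in it cannot widen or break the search
    String query = "(" + Provisioning.A_zimbraId + "=" + escapeLdapFilterValue(granteeId) + ")";
    opts.setFilterString(FilterId.SEARCH_GRANTEE, query);
    // search the grantee on LDAP master
    opts.setOnMaster(true);
    List<NamedEntry> entries = Provisioning.getInstance().searchDirectory(opts);
    if (!entries.isEmpty()) {
        throw ServiceException.INVALID_REQUEST("grantee " + granteeId + " exists", null);
    }
    // the grantee indeed does not exist, revoke all grants granted to the grantee
    // in this folder and all subfolders
    FolderNode rootNode = mbox.getFolderTree(octxt, iid, true);
    revokeOrphanGrants(octxt, mbox, rootNode, granteeId, gtype);
}

/**
 * Escapes a value for use as an assertion value in an LDAP search filter (RFC 4515,
 * section 3): backslash, '*', '(', ')' and NUL become {@code \XX} hex escapes.
 *
 * @param value the raw value; {@code null} is returned unchanged
 * @return the escaped value
 */
private static String escapeLdapFilterValue(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}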

Example 84 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class CheckPermission method handle.

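/**
 * Handles a CheckPermission request: resolves the target entry and reports, for each
 * requested user right, whether the authenticated user may exercise it on that target.
 *
 * <p>An account target addressed by name that does not exist is deliberately passed on as a
 * {@code null} entry so that the default permission applies (the target may be an external
 * user); a target addressed by id that does not exist is an error.
 *
 * @param request the {@code CheckPermissionRequest} element
 * @param context SOAP request context
 * @return the {@code CheckPermissionResponse} element, one {@code <right>} child per
 *         requested right plus the overall result
 * @throws ServiceException if the target type is unknown, if an id-addressed target does not
 *         exist, or if a lookup fails
 */
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();
    Element eTarget = request.getElement(MailConstants.E_TARGET);
    String targetType = eTarget.getAttribute(MailConstants.A_TARGET_TYPE);
    TargetType tt = TargetType.fromCode(targetType);
    String targetBy = eTarget.getAttribute(MailConstants.A_TARGET_BY);
    String targetValue = eTarget.getText();
    NamedEntry entry = null;
    Element response = zsc.createElement(MailConstants.CHECK_PERMISSION_RESPONSE);
    if (TargetType.account == tt) {
        AccountBy acctBy = AccountBy.fromString(targetBy);
        entry = prov.get(acctBy, targetValue, zsc.getAuthToken());
        if (entry == null && acctBy == AccountBy.id) {
            throw AccountServiceException.NO_SUCH_ACCOUNT(targetValue);
        }
    // otherwise, the target could be an external user, let it fall through
    // to return the default permission.
    } else if (TargetType.calresource == tt) {
        Key.CalendarResourceBy crBy = Key.CalendarResourceBy.fromString(targetBy);
        entry = prov.get(crBy, targetValue);
        if (entry == null && crBy == Key.CalendarResourceBy.id) {
            throw AccountServiceException.NO_SUCH_CALENDAR_RESOURCE(targetValue);
        }
    } else if (TargetType.dl == tt) {
        Key.DistributionListBy dlBy = Key.DistributionListBy.fromString(targetBy);
        entry = prov.getGroupBasic(dlBy, targetValue);
        if (entry == null && dlBy == Key.DistributionListBy.id) {
            // a missing list is reported as such, not as a missing calendar resource
            throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(targetValue);
        }
    } else {
        throw ServiceException.INVALID_REQUEST("invalid target type: " + targetType, null);
    }
    List<UserRight> rights = new ArrayList<>();
    for (Element eRight : request.listElements(MailConstants.E_RIGHT)) {
        rights.add(RightManager.getInstance().getUserRight(eRight.getText()));
    }
    boolean finalResult = true;
    AccessManager am = AccessManager.getInstance();
    for (UserRight right : rights) {
        boolean allow = am.canDo(zsc.getAuthToken(), entry, right, false);
        // delegated-send rights on a by-name target are additionally checked against the
        // addresses the entry is allowed to send as
        if (allow && DiscoverRights.isDelegatedSendRight(right) && TargetBy.name.name().equals(targetBy)) {
            allow = AccountUtil.isAllowedSendAddress(entry, targetValue);
        }
        response.addElement(MailConstants.E_RIGHT).addAttribute(MailConstants.A_ALLOW, allow).setText(right.getName());
        finalResult = finalResult && allow;
    }
    return returnResponse(response, finalResult);
}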

Example 85 with NamedEntry

use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.

the class ToXML method encodeACL.

// encode mailbox ACL
/**
 * Serializes a folder ACL into an {@code <acl>} element under {@code parent}.
 *
 * <p>Grantee display names are resolved only when the operation context asks for them.
 * The access key of a key grantee is written only when {@code exposeAclAccessKey} is set;
 * for every other grantee type the grant's password attribute is written unconditionally.
 *
 * @param octxt              operation context; carries the "need grantee name" flag and any
 *                           already-resolved grantee names
 * @param parent             element the {@code <acl>} element is added to
 * @param acl                the ACL to encode; {@code null} yields an empty {@code <acl>}
 * @param exposeAclAccessKey whether key-grantee access keys may appear in the output
 * @return the {@code <acl>} element that was added
 */
public static Element encodeACL(OperationContext octxt, Element parent, ACL acl, boolean exposeAclAccessKey) {
    Element eACL = parent.addUniqueElement(MailConstants.E_ACL);
    if (acl == null) {
        return eACL;
    }
    if (acl.getInternalGrantExpiry() != 0) {
        eACL.addAttribute(MailConstants.A_INTERNAL_GRANT_EXPIRY, acl.getInternalGrantExpiry());
    }
    if (acl.getGuestGrantExpiry() != 0) {
        eACL.addAttribute(MailConstants.A_GUEST_GRANT_EXPIRY, acl.getGuestGrantExpiry());
    }
    boolean needDispName = OperationContextData.getNeedGranteeName(octxt);
    for (ACL.Grant grant : acl.getGrants()) {
        byte granteeType = grant.getGranteeType();
        String name = needDispName ? resolveGranteeName(octxt, grant, granteeType) : null;
        Element eGrant = eACL.addElement(MailConstants.E_GRANT);
        eGrant.addAttribute(MailConstants.A_ZIMBRA_ID, grant.getGranteeId());
        eGrant.addAttribute(MailConstants.A_GRANT_TYPE, ACL.typeToString(granteeType));
        eGrant.addAttribute(MailConstants.A_RIGHTS, ACL.rightsToString(grant.getGrantedRights()));
        if (grant.getExpiry() != 0) {
            eGrant.addAttribute(MailConstants.A_EXPIRY, grant.getExpiry());
        }
        if (needDispName) {
            // identity comparison on purpose: INVALID_GRANT is a sentinel object, not a value
            if (OperationContextData.GranteeNames.INVALID_GRANT == name) {
                eGrant.addAttribute(MailConstants.A_INVALID, true);
                eGrant.addAttribute(MailConstants.A_DISPLAY, OperationContextData.GranteeNames.EMPTY_NAME);
            } else {
                eGrant.addAttribute(MailConstants.A_DISPLAY, name);
            }
        }
        boolean keyGrant = (granteeType == ACL.GRANTEE_KEY);
        if (!keyGrant) {
            eGrant.addAttribute(MailConstants.A_PASSWORD, grant.getPassword());
        } else if (exposeAclAccessKey) {
            eGrant.addAttribute(MailConstants.A_ACCESSKEY, grant.getPassword());
        }
    }
    return eACL;
}

/**
 * Finds the display name of a grant's grantee: first the name carried on the grant itself
 * (set when proxying sharing in ZD), then the names already resolved on the operation
 * context (bug 35079), and finally a lookup by zimbraId, which may reach LDAP when the id
 * is not cached.
 *
 * @return the resolved name, or {@code null} if none of the sources knows it
 */
private static String resolveGranteeName(OperationContext octxt, ACL.Grant grant, byte granteeType) {
    String name = grant.getGranteeName();
    if (name != null) {
        return name;
    }
    OperationContextData.GranteeNames cached = OperationContextData.getGranteeNames(octxt);
    if (cached != null) {
        name = cached.getNameById(grant.getGranteeId(), granteeType);
    }
    if (name == null) {
        NamedEntry nentry = FolderAction.lookupGranteeByZimbraId(grant.getGranteeId(), granteeType);
        if (nentry != null) {
            name = nentry.getName();
        }
    }
    return name;
}
