use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class RightCommand method revokeRight.
/**
 * Revokes a single right from a grantee on a target.
 *
 * <p>The target is resolved first, then the grantee, then the right. One ACE is built from
 * (grantee id, grantee type, right, modifier) and handed to {@code ACLUtil.revokeRight}.
 *
 * <p>Review notes for maintainers:
 * <ul>
 *   <li>{@code validateGrant} is called only when the grantee resolved to a directory entry.
 *       On the orphan-grant path (lookup failed, {@code granteeBy == GranteeBy.id}) and for
 *       grantee types where {@code gt.isZimbraEntry()} is false, this method performs no
 *       {@code validateGrant} call. NOTE(review): confirm callers enforce authorization for
 *       those paths.</li>
 *   <li>Unlike {@code grantRightInternal}, there is no {@code GT_EXT_GROUP} branch here; the
 *       raw {@code grantee} string is used as the ACE grantee id for that type.
 *       NOTE(review): confirm this matches the id stored at grant time.</li>
 * </ul>
 *
 * @throws ServiceException {@code INVALID_REQUEST} when the grantee cannot be found by name,
 *         {@code NO_SUCH_GRANT} when nothing was revoked, or whatever the lookups and
 *         validation throw
 */
public static void revokeRight(Provisioning prov, Account authedAcct, TargetType tt, TargetBy targetBy, String target, GranteeType gt, GranteeBy granteeBy, String grantee, String right, RightModifier rightModifier) throws ServiceException {
    verifyAccessManager();

    // Resolve the target entry.
    Entry targetEntry = TargetType.lookupTarget(prov, tt, targetBy, target);

    // Resolve the grantee; granteeEntry stays null when no directory entry backs it.
    NamedEntry granteeEntry = null;
    String granteeId = null;
    try {
        if (gt.isZimbraEntry()) {
            granteeEntry = GranteeType.lookupGrantee(prov, gt, granteeBy, grantee);
            granteeId = granteeEntry.getId();
        } else {
            // all / pub: ZimbraACE substitutes the correct id, so this value is ignored
            // guest:     the grantee id is the email
            // key:       the grantee id is the display name
            granteeId = grantee;
        }
    } catch (AccountServiceException e) {
        String code = e.getCode();
        boolean granteeMissing = AccountServiceException.NO_SUCH_ACCOUNT.equals(code)
                || AccountServiceException.NO_SUCH_DISTRIBUTION_LIST.equals(code)
                || Constants.ERROR_CODE_NO_SUCH_DOMAIN.equals(code);
        if (!granteeMissing) {
            throw e;
        }

        // NOTE(review): grantee is caller-supplied and is concatenated into the log line
        // as received; confirm the logging layer neutralises embedded line breaks.
        ZimbraLog.acl.warn("revokeRight: no such grantee " + grantee);

        // Only an id can still match a grant whose grantee no longer exists (orphan grant).
        if (granteeBy != GranteeBy.id) {
            throw ServiceException.INVALID_REQUEST("cannot find grantee by name: " + grantee + ", try revoke by grantee id if you want to remove the orphan grant", e);
        }
        granteeId = grantee;
    }

    // Resolve the right.
    // If a forbidden attr was persisted in an ACL through an inline attr right (possible in
    // a release that predates the attr being forbidden), getRight() throws. Such grants must
    // be removed with "zmprov modify{Entry} zimbraACE ...". They are deliberately not
    // special-cased here: those grants are never loaded into memory, and that stays as is.
    Right r = RightManager.getInstance().getRight(right);

    // Validation needs a resolved grantee entry; it is skipped when there is none.
    if (granteeEntry != null) {
        validateGrant(authedAcct, tt, targetEntry, gt, granteeEntry, null, r, rightModifier, true);
    }

    ZimbraACE ace = new ZimbraACE(granteeId, gt, r, rightModifier, null);
    Set<ZimbraACE> aces = new HashSet<>();
    aces.add(ace);

    // An empty result means no stored grant matched the ACE.
    if (ACLUtil.revokeRight(prov, targetEntry, aces).isEmpty()) {
        throw AccountServiceException.NO_SUCH_GRANT(ace.dump(true));
    }
}
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class RightCommand method grantRightInternal.
/**
 * Validates and, unless {@code dryRun} is set, persists a single grant on a target.
 *
 * <p>Order of work: resolve the target, resolve the right, resolve the grantee id, call
 * {@code validateGrant}, then write one ACE through {@code ACLUtil.grantRight}. Validation
 * runs for every grantee type, including those where no directory entry was looked up
 * (in which case {@code null} is passed as the grantee entry).
 *
 * @param secret passed unchanged to {@code validateGrant} and stored in the ACE;
 *        presumably the credential for guest/key grantees (TODO confirm). It is not
 *        logged by this method.
 * @param dryRun when true, the method returns after validation and writes nothing
 * @throws ServiceException {@code INVALID_REQUEST} when an external group cannot be found,
 *         or whatever the lookups, validation or the ACL write throw
 */
private static void grantRightInternal(Provisioning prov, Account authedAcct, TargetType tt, TargetBy targetBy, String target, GranteeType gt, GranteeBy granteeBy, String grantee, String secret, String right, RightModifier rightModifier, boolean dryRun) throws ServiceException {
    verifyAccessManager();

    // Resolve the target entry, then the right.
    Entry targetEntry = TargetType.lookupTarget(prov, tt, targetBy, target);
    Right r = RightManager.getInstance().getRight(right);

    // Resolve the grantee id; resolvedGrantee stays null unless a directory entry backs it.
    NamedEntry resolvedGrantee = null;
    final String granteeId;
    if (gt.isZimbraEntry()) {
        resolvedGrantee = GranteeType.lookupGrantee(prov, gt, granteeBy, grantee);
        granteeId = resolvedGrantee.getId();
    } else if (gt == GranteeType.GT_EXT_GROUP) {
        // The external group is looked up "as admin" for every right that is not a user right.
        ExternalGroup externalGroup = ExternalGroup.get(DomainBy.name, grantee, !r.isUserRight());
        if (externalGroup == null) {
            throw ServiceException.INVALID_REQUEST("unable to find external group " + grantee, null);
        }
        granteeId = externalGroup.getId();
    } else {
        // all / pub: ZimbraACE substitutes the correct id, so this value is ignored
        // guest:     the grantee id is the email
        // key:       the grantee id is the display name
        granteeId = grantee;
    }

    validateGrant(authedAcct, tt, targetEntry, gt, resolvedGrantee, secret, r, rightModifier, false);

    // A dry run stops after validation; nothing is written to the target's ACL.
    if (!dryRun) {
        Set<ZimbraACE> aces = new HashSet<>();
        aces.add(new ZimbraACE(granteeId, gt, r, rightModifier, secret));
        ACLUtil.grantRight(prov, targetEntry, aces);
    }
}
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class LdapProvisioning method getAllGroups.
/**
 * Returns all static distribution lists and dynamic groups of a domain.
 *
 * <p>The directory search uses the DIT's groups-by-domain filter, is limited to the
 * {@code distributionlists} and {@code dynamicgroups} object types, and is sorted ascending.
 *
 * @param domain the domain whose groups are searched
 * @return the matching entries; the raw {@code List} return type comes from the overridden
 *         method, the elements are cast as {@code NamedEntry}
 * @throws ServiceException if building the options or the directory search fails
 */
@SuppressWarnings("unchecked")
@Override
public List getAllGroups(Domain domain) throws ServiceException {
    SearchDirectoryOptions options = new SearchDirectoryOptions(domain);
    options.setFilter(mDIT.filterGroupsByDomain(domain));
    options.setTypes(ObjectType.distributionlists, ObjectType.dynamicgroups);
    options.setSortOpt(SortOpt.SORT_ASCENDING);

    // The cast is unchecked at compile time; the annotation on the method covers it.
    return (List<NamedEntry>) searchDirectoryInternal(options);
}
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class LdapProvisioning method getNamesForIds.
/**
 * Maps entry ids to entry names for one entry type.
 *
 * <p>For {@code account}, {@code cos} and {@code domain} the local cache is consulted first
 * and only the ids it cannot answer are searched in the directory. For {@code group} every
 * id goes to the directory search. Ids that resolve nowhere are absent from the result, so
 * callers must not treat a missing key as an error signal from this method.
 *
 * @param ids the ids to resolve; for {@code group} this same set instance is passed on to
 *        the directory search
 * @param type the kind of entry the ids refer to
 * @return a mutable map from id to name, holding only the ids that could be resolved
 * @throws ServiceException {@code FAILURE} for an unsupported entry type, or whatever the
 *         cache lookups and the directory search throw
 */
@Override
public Map<String, String> getNamesForIds(Set<String> ids, EntryType type) throws ServiceException {
    final Map<String, String> result = new HashMap<>();
    // Alias kept final so the anonymous visitor below can read it.
    final EntryType entryType = type;

    final Set<String> unresolvedIds;
    final String nameAttr;
    final String base;
    final String objectClass;

    switch (entryType) {
        case account:
            unresolvedIds = new HashSet<>();
            for (String id : ids) {
                NamedEntry cached = accountCache.getById(id);
                if (cached == null) {
                    unresolvedIds.add(id);
                } else {
                    result.put(id, cached.getName());
                }
            }
            nameAttr = Provisioning.A_zimbraMailDeliveryAddress;
            base = mDIT.mailBranchBaseDN();
            objectClass = AttributeClass.OC_zimbraAccount;
            break;

        case group:
            // No cache lookup for groups: every id is searched in the directory.
            unresolvedIds = ids;
            // see dnToEmail
            nameAttr = Provisioning.A_uid;
            base = mDIT.mailBranchBaseDN();
            objectClass = AttributeClass.OC_zimbraDistributionList;
            break;

        case cos:
            unresolvedIds = new HashSet<>();
            for (String id : ids) {
                NamedEntry cached = cosCache.getById(id);
                if (cached == null) {
                    unresolvedIds.add(id);
                } else {
                    result.put(id, cached.getName());
                }
            }
            nameAttr = Provisioning.A_cn;
            base = mDIT.cosBaseDN();
            objectClass = AttributeClass.OC_zimbraCOS;
            break;

        case domain:
            unresolvedIds = new HashSet<>();
            for (String id : ids) {
                NamedEntry cached = getFromCache(Key.DomainBy.id, id, GetFromDomainCacheOption.POSITIVE);
                if (cached == null) {
                    unresolvedIds.add(id);
                } else {
                    result.put(id, cached.getName());
                }
            }
            nameAttr = Provisioning.A_zimbraDomainName;
            base = mDIT.domainBaseDN();
            objectClass = AttributeClass.OC_zimbraDomain;
            break;

        default:
            throw ServiceException.FAILURE("unsupported entry type for getNamesForIds" + type.name(), null);
    }

    // Nothing left to look up when the cache answered every id.
    if (unresolvedIds.isEmpty()) {
        return result;
    }

    SearchLdapVisitor visitor = new SearchLdapVisitor() {
        @Override
        public void visit(String dn, Map<String, Object> attrs, IAttributes ldapAttrs) {
            // NOTE(review): the id is taken from the returned attributes without a null
            // check; presumably every matched entry carries zimbraId - confirm.
            String id = (String) attrs.get(Provisioning.A_zimbraId);

            String name = null;
            try {
                switch (entryType) {
                    case account:
                        name = ldapAttrs.getAttrString(Provisioning.A_zimbraMailDeliveryAddress);
                        if (name == null) {
                            // No delivery address on the entry: derive the name from the DN.
                            name = mDIT.dnToEmail(dn, ldapAttrs);
                        }
                        break;
                    case group:
                        name = mDIT.dnToEmail(dn, ldapAttrs);
                        break;
                    case cos:
                        name = ldapAttrs.getAttrString(Provisioning.A_cn);
                        break;
                    case domain:
                        name = ldapAttrs.getAttrString(Provisioning.A_zimbraDomainName);
                        break;
                }
            } catch (ServiceException e) {
                // Best effort: an entry whose name cannot be read is left out of the
                // result, and the failure is not logged or rethrown.
                name = null;
            }

            if (name != null) {
                result.put(id, name);
            }
        }
    };

    searchNamesForIds(unresolvedIds, base, objectClass,
            new String[] { Provisioning.A_zimbraId, nameAttr }, visitor);
    return result;
}
use of com.zimbra.cs.account.NamedEntry in project zm-mailbox by Zimbra.
the class LdapProvisioning method getAllHabGroups.
/**
 * Returns the HAB groups found under a HAB root group DN.
 *
 * <p>The directory search uses the DIT's HAB-groups filter, is limited to the
 * {@code habgroups} object type, and is sorted ascending.
 *
 * @param domain the domain the search options are built for
 * @param rootDn handed to the search options as the HAB root group DN without any check
 *        in this method. NOTE(review): confirm callers validate it.
 * @return the matching entries; the raw {@code List} return type comes from the overridden
 *         method, the elements are cast as {@code NamedEntry}
 * @throws ServiceException if building the options or the directory search fails
 */
@Override
public List getAllHabGroups(Domain domain, String rootDn) throws ServiceException {
    SearchDirectoryOptions options = new SearchDirectoryOptions(domain);
    options.setFilter(mDIT.filterHabGroupsByDn());
    options.setTypes(ObjectType.habgroups);
    options.setSortOpt(SortOpt.SORT_ASCENDING);
    options.setHabRootGroupDn(rootDn);

    return (List<NamedEntry>) searchDirectoryInternal(options);
}