Examples with Provisioning com.zimbra.cs.account.Provisioning used on opensource projects

Example 71 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method groupTest.

private static void groupTest() throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    DistributionList dl = prov.get(DistributionListBy.name, "group1@phoebe.mac");
    AllGroupMembers allMembers = allGroupMembers(dl);
    System.out.println("\naccounts");
    for (String member : allMembers.getMembers(TargetType.account)) System.out.println("  " + member);
    System.out.println("\ncalendar resources");
    for (String member : allMembers.getMembers(TargetType.calresource)) System.out.println("  " + member);
    System.out.println("\ngroups");
    for (String member : allMembers.getMembers(TargetType.dl)) System.out.println("  " + member);
}

Example 72 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class ParticallyDenied method checkPartiallyDenied.

/**
     * Returns if rightToGrant is (partically) denied to grantor(or groups it belongs)
     * on sub-targets of targetToGrant.
     *
     * @param grantor              the "grantor" of the granting attempt
     * @param targetTypeToGrant    the target type of the granting attempt
     * @param targetToGrant        the target of the granting attempt
     * @param rightToGrant  the right of the granting attremp
     * @throws ServiceException
     */
static void checkPartiallyDenied(Account grantor, TargetType targetTypeToGrant, Entry targetToGrant, Right rightToGrant) throws ServiceException {
    if (AccessControlUtil.isGlobalAdmin(grantor, true))
        return;
    Provisioning prov = Provisioning.getInstance();
    // set of sub target types
    Set<TargetType> subTargetTypes = targetTypeToGrant.subTargetTypes();
    // set of target types any sub-right can be granted
    Set<TargetType> subRightsGrantableOnTargetTypes = new HashSet<TargetType>();
    getAllGrantableTargetTypes(rightToGrant, subRightsGrantableOnTargetTypes);
    // get the interset of the two, that would be the target types to search for
    Set<TargetType> targetTypesToSearch = SetUtil.intersect(subTargetTypes, subRightsGrantableOnTargetTypes);
    // if the intersect is empty, no need to search
    if (targetTypesToSearch.isEmpty())
        return;
    // get the set of zimbraId of the grantees to search for
    Grantee grantee = Grantee.getGrantee(grantor);
    Set<String> granteeIdsToSearch = grantee.getIdAndGroupIds();
    SearchGrants searchGrants = new SearchGrants(prov, targetTypesToSearch, granteeIdsToSearch);
    Set<GrantsOnTarget> grantsOnTargets = searchGrants.doSearch().getResults();
    // check grants granted to the grantor
    checkDenied(prov, targetToGrant, rightToGrant, grantsOnTargets, grantor.getId(), null);
    // check grants granted to any groups of the grantor
    checkDenied(prov, targetToGrant, rightToGrant, grantsOnTargets, null, granteeIdsToSearch);
// all is well, or else PERM_DENIED would've been thrown in one of the checkDenied calls
// yes, you can grant the rightToGrant on targetToGrant.
}

Example 73 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method setupShapeTest2.

private static void setupShapeTest2() throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    // create test
    String domainName = "test.com";
    Domain domain = prov.createDomain(domainName, new HashMap<String, Object>());
    DistributionList groupA = prov.createDistributionList("groupA@" + domainName, new HashMap<String, Object>());
    DistributionList groupB = prov.createDistributionList("groupB@" + domainName, new HashMap<String, Object>());
    DistributionList groupC = prov.createDistributionList("groupC@" + domainName, new HashMap<String, Object>());
    DistributionList groupD = prov.createDistributionList("groupD@" + domainName, new HashMap<String, Object>());
    String pw = "test123";
    Account A = prov.createAccount("A@" + domainName, pw, null);
    Account B = prov.createAccount("B@" + domainName, pw, null);
    Account C = prov.createAccount("C@" + domainName, pw, null);
    Account D = prov.createAccount("D@" + domainName, pw, null);
    groupA.addMembers(new String[] { A.getName(), groupB.getName() });
    groupB.addMembers(new String[] { B.getName(), groupC.getName() });
    groupC.addMembers(new String[] { C.getName(), groupD.getName() });
    groupD.addMembers(new String[] { D.getName() });
}

Example 74 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method shapeTest2.

private static void shapeTest2() throws ServiceException {
    setupShapeTest2();
    Provisioning prov = Provisioning.getInstance();
    // create test
    Set<DistributionList> groupsWithGrants = new HashSet<DistributionList>();
    String domainName = "test.com";
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupA@" + domainName));
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupB@" + domainName));
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupC@" + domainName));
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupD@" + domainName));
    Set<GroupShape> accountShapes = new HashSet<GroupShape>();
    Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
    Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
    for (DistributionList group : groupsWithGrants) {
        // group is an AclGroup, which contains only upward membership, not downward membership.
        // re-get the DistributionList object, which has the downward membership.
        DistributionList dl = prov.get(DistributionListBy.id, group.getId());
        AllGroupMembers allMembers = allGroupMembers(dl);
        GroupShape.shapeMembers(TargetType.account, accountShapes, allMembers);
        GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, allMembers);
        GroupShape.shapeMembers(TargetType.dl, distributionListShapes, allMembers);
    }
    int count = 1;
    for (GroupShape shape : accountShapes) {
        System.out.println("\n" + count++);
        for (String group : shape.getGroups()) System.out.println("group " + group);
        for (String member : shape.getMembers()) System.out.println("    " + member);
    }
}

Example 75 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class ChildAccount method preModify.

@Override
public void preModify(CallbackContext context, String attrName, Object value, Map attrsToModify, Entry entry) throws ServiceException {
    /*
         * This callback is for both zimbraPrefChildVisibleAccount and zimbraChildAccount, and it handles
         * both in one shot.  If we've been called just return.
         */
    if (context.isDoneAndSetIfNot(ChildAccount.class)) {
        return;
    }
    // the +/- has been striped off from attrName but we need that info, it is in attrsToModify
    MultiValueMod visibleChildrenMod = multiValueMod(attrsToModify, Provisioning.A_zimbraPrefChildVisibleAccount);
    MultiValueMod allChildrenMod = multiValueMod(attrsToModify, Provisioning.A_zimbraChildAccount);
    Set<String> visibleChildren = newValuesToBe(visibleChildrenMod, entry, Provisioning.A_zimbraPrefChildVisibleAccount);
    Set<String> allChildren = newValuesToBe(allChildrenMod, entry, Provisioning.A_zimbraChildAccount);
    //if child account has already been deleted, let it go
    if (allChildren != null && !allChildren.contains(value)) {
        return;
    }
    if (allChildrenMod != null && allChildrenMod.deleting()) {
        attrsToModify.put(Provisioning.A_zimbraPrefChildVisibleAccount, "");
    } else {
        Set<String> vidsToRemove = new HashSet<String>();
        for (String vid : visibleChildren) {
            if (!allChildren.contains(vid)) {
                /*
                     * if the request is removing children but not updating the visible children, 
                     * we remove the visible children that are no longer a child.
                     * otherwise, throw exception if the mod results into a situation where a 
                     * visible child is not one of the children.
                     */
                if (allChildrenMod != null && allChildrenMod.removing() && visibleChildrenMod == null)
                    vidsToRemove.add(vid);
                else
                    throw ServiceException.INVALID_REQUEST("visible child id " + vid + " is not one of " + Provisioning.A_zimbraChildAccount, null);
            }
        }
        if (vidsToRemove.size() > 0)
            attrsToModify.put("-" + Provisioning.A_zimbraPrefChildVisibleAccount, vidsToRemove.toArray(new String[vidsToRemove.size()]));
    }
    // check circular relationship
    if (entry instanceof Account) {
        Provisioning prov = Provisioning.getInstance();
        Account parentAcct = (Account) entry;
        String parentId = parentAcct.getId();
        for (String childId : allChildren) {
            Account childAcct = prov.get(AccountBy.id, childId);
            if (childAcct == null)
                throw AccountServiceException.NO_SUCH_ACCOUNT(childId);
            String[] children = childAcct.getChildAccount();
            for (String child : children) {
                if (child.equals(parentId))
                    throw ServiceException.INVALID_REQUEST("child account " + childId + "(" + childAcct.getName() + ")" + " is parent of the parent account " + parentId + "(" + parentAcct.getName() + ")", null);
            }
        }
    }
}