Search in sources :

Example 71 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method groupTest.

private static void groupTest() throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    DistributionList dl = prov.get(DistributionListBy.name, "group1@phoebe.mac");
    AllGroupMembers allMembers = allGroupMembers(dl);
    System.out.println("\naccounts");
    for (String member : allMembers.getMembers(TargetType.account)) System.out.println("  " + member);
    System.out.println("\ncalendar resources");
    for (String member : allMembers.getMembers(TargetType.calresource)) System.out.println("  " + member);
    System.out.println("\ngroups");
    for (String member : allMembers.getMembers(TargetType.dl)) System.out.println("  " + member);
}
Also used : Provisioning(com.zimbra.cs.account.Provisioning) DistributionList(com.zimbra.cs.account.DistributionList)

Example 72 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class ParticallyDenied method checkPartiallyDenied.

/**
     * Returns if rightToGrant is (partically) denied to grantor(or groups it belongs)
     * on sub-targets of targetToGrant.
     *
     * @param grantor              the "grantor" of the granting attempt
     * @param targetTypeToGrant    the target type of the granting attempt
     * @param targetToGrant        the target of the granting attempt
     * @param rightToGrant  the right of the granting attremp
     * @throws ServiceException
     */
static void checkPartiallyDenied(Account grantor, TargetType targetTypeToGrant, Entry targetToGrant, Right rightToGrant) throws ServiceException {
    if (AccessControlUtil.isGlobalAdmin(grantor, true))
        return;
    Provisioning prov = Provisioning.getInstance();
    // set of sub target types
    Set<TargetType> subTargetTypes = targetTypeToGrant.subTargetTypes();
    // set of target types any sub-right can be granted
    Set<TargetType> subRightsGrantableOnTargetTypes = new HashSet<TargetType>();
    getAllGrantableTargetTypes(rightToGrant, subRightsGrantableOnTargetTypes);
    // get the interset of the two, that would be the target types to search for
    Set<TargetType> targetTypesToSearch = SetUtil.intersect(subTargetTypes, subRightsGrantableOnTargetTypes);
    // if the intersect is empty, no need to search
    if (targetTypesToSearch.isEmpty())
        return;
    // get the set of zimbraId of the grantees to search for
    Grantee grantee = Grantee.getGrantee(grantor);
    Set<String> granteeIdsToSearch = grantee.getIdAndGroupIds();
    SearchGrants searchGrants = new SearchGrants(prov, targetTypesToSearch, granteeIdsToSearch);
    Set<GrantsOnTarget> grantsOnTargets = searchGrants.doSearch().getResults();
    // check grants granted to the grantor
    checkDenied(prov, targetToGrant, rightToGrant, grantsOnTargets, grantor.getId(), null);
    // check grants granted to any groups of the grantor
    checkDenied(prov, targetToGrant, rightToGrant, grantsOnTargets, null, granteeIdsToSearch);
// all is well, or else PERM_DENIED would've been thrown in one of the checkDenied calls
// yes, you can grant the rightToGrant on targetToGrant.
}
Also used : Grantee(com.zimbra.cs.account.accesscontrol.RightBearer.Grantee) GrantsOnTarget(com.zimbra.cs.account.accesscontrol.SearchGrants.GrantsOnTarget) Provisioning(com.zimbra.cs.account.Provisioning) HashSet(java.util.HashSet)

Example 73 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method setupShapeTest2.

private static void setupShapeTest2() throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    // create test
    String domainName = "test.com";
    Domain domain = prov.createDomain(domainName, new HashMap<String, Object>());
    DistributionList groupA = prov.createDistributionList("groupA@" + domainName, new HashMap<String, Object>());
    DistributionList groupB = prov.createDistributionList("groupB@" + domainName, new HashMap<String, Object>());
    DistributionList groupC = prov.createDistributionList("groupC@" + domainName, new HashMap<String, Object>());
    DistributionList groupD = prov.createDistributionList("groupD@" + domainName, new HashMap<String, Object>());
    String pw = "test123";
    Account A = prov.createAccount("A@" + domainName, pw, null);
    Account B = prov.createAccount("B@" + domainName, pw, null);
    Account C = prov.createAccount("C@" + domainName, pw, null);
    Account D = prov.createAccount("D@" + domainName, pw, null);
    groupA.addMembers(new String[] { A.getName(), groupB.getName() });
    groupB.addMembers(new String[] { B.getName(), groupC.getName() });
    groupC.addMembers(new String[] { C.getName(), groupD.getName() });
    groupD.addMembers(new String[] { D.getName() });
}
Also used : Account(com.zimbra.cs.account.Account) Domain(com.zimbra.cs.account.Domain) Provisioning(com.zimbra.cs.account.Provisioning) DistributionList(com.zimbra.cs.account.DistributionList)

Example 74 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method shapeTest2.

private static void shapeTest2() throws ServiceException {
    setupShapeTest2();
    Provisioning prov = Provisioning.getInstance();
    // create test
    Set<DistributionList> groupsWithGrants = new HashSet<DistributionList>();
    String domainName = "test.com";
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupA@" + domainName));
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupB@" + domainName));
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupC@" + domainName));
    groupsWithGrants.add(prov.get(DistributionListBy.name, "groupD@" + domainName));
    Set<GroupShape> accountShapes = new HashSet<GroupShape>();
    Set<GroupShape> calendarResourceShapes = new HashSet<GroupShape>();
    Set<GroupShape> distributionListShapes = new HashSet<GroupShape>();
    for (DistributionList group : groupsWithGrants) {
        // group is an AclGroup, which contains only upward membership, not downward membership.
        // re-get the DistributionList object, which has the downward membership.
        DistributionList dl = prov.get(DistributionListBy.id, group.getId());
        AllGroupMembers allMembers = allGroupMembers(dl);
        GroupShape.shapeMembers(TargetType.account, accountShapes, allMembers);
        GroupShape.shapeMembers(TargetType.calresource, calendarResourceShapes, allMembers);
        GroupShape.shapeMembers(TargetType.dl, distributionListShapes, allMembers);
    }
    int count = 1;
    for (GroupShape shape : accountShapes) {
        System.out.println("\n" + count++);
        for (String group : shape.getGroups()) System.out.println("group " + group);
        for (String member : shape.getMembers()) System.out.println("    " + member);
    }
}
Also used : Provisioning(com.zimbra.cs.account.Provisioning) HashSet(java.util.HashSet) DistributionList(com.zimbra.cs.account.DistributionList)

Example 75 with Provisioning

use of com.zimbra.cs.account.Provisioning in project zm-mailbox by Zimbra.

the class ChildAccount method preModify.

@Override
public void preModify(CallbackContext context, String attrName, Object value, Map attrsToModify, Entry entry) throws ServiceException {
    /*
         * This callback is for both zimbraPrefChildVisibleAccount and zimbraChildAccount, and it handles
         * both in one shot.  If we've been called just return.
         */
    if (context.isDoneAndSetIfNot(ChildAccount.class)) {
        return;
    }
    // the +/- has been striped off from attrName but we need that info, it is in attrsToModify
    MultiValueMod visibleChildrenMod = multiValueMod(attrsToModify, Provisioning.A_zimbraPrefChildVisibleAccount);
    MultiValueMod allChildrenMod = multiValueMod(attrsToModify, Provisioning.A_zimbraChildAccount);
    Set<String> visibleChildren = newValuesToBe(visibleChildrenMod, entry, Provisioning.A_zimbraPrefChildVisibleAccount);
    Set<String> allChildren = newValuesToBe(allChildrenMod, entry, Provisioning.A_zimbraChildAccount);
    //if child account has already been deleted, let it go
    if (allChildren != null && !allChildren.contains(value)) {
        return;
    }
    if (allChildrenMod != null && allChildrenMod.deleting()) {
        attrsToModify.put(Provisioning.A_zimbraPrefChildVisibleAccount, "");
    } else {
        Set<String> vidsToRemove = new HashSet<String>();
        for (String vid : visibleChildren) {
            if (!allChildren.contains(vid)) {
                /*
                     * if the request is removing children but not updating the visible children, 
                     * we remove the visible children that are no longer a child.
                     * otherwise, throw exception if the mod results into a situation where a 
                     * visible child is not one of the children.
                     */
                if (allChildrenMod != null && allChildrenMod.removing() && visibleChildrenMod == null)
                    vidsToRemove.add(vid);
                else
                    throw ServiceException.INVALID_REQUEST("visible child id " + vid + " is not one of " + Provisioning.A_zimbraChildAccount, null);
            }
        }
        if (vidsToRemove.size() > 0)
            attrsToModify.put("-" + Provisioning.A_zimbraPrefChildVisibleAccount, vidsToRemove.toArray(new String[vidsToRemove.size()]));
    }
    // check circular relationship
    if (entry instanceof Account) {
        Provisioning prov = Provisioning.getInstance();
        Account parentAcct = (Account) entry;
        String parentId = parentAcct.getId();
        for (String childId : allChildren) {
            Account childAcct = prov.get(AccountBy.id, childId);
            if (childAcct == null)
                throw AccountServiceException.NO_SUCH_ACCOUNT(childId);
            String[] children = childAcct.getChildAccount();
            for (String child : children) {
                if (child.equals(parentId))
                    throw ServiceException.INVALID_REQUEST("child account " + childId + "(" + childAcct.getName() + ")" + " is parent of the parent account " + parentId + "(" + parentAcct.getName() + ")", null);
            }
        }
    }
}
Also used : Account(com.zimbra.cs.account.Account) Provisioning(com.zimbra.cs.account.Provisioning) HashSet(java.util.HashSet)

Aggregations

Provisioning (com.zimbra.cs.account.Provisioning)532 Account (com.zimbra.cs.account.Account)216 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)158 Element (com.zimbra.common.soap.Element)144 ServiceException (com.zimbra.common.service.ServiceException)96 BeforeClass (org.junit.BeforeClass)93 MockProvisioning (com.zimbra.cs.account.MockProvisioning)89 Server (com.zimbra.cs.account.Server)83 HashMap (java.util.HashMap)76 Domain (com.zimbra.cs.account.Domain)70 SoapProvisioning (com.zimbra.cs.account.soap.SoapProvisioning)53 Mailbox (com.zimbra.cs.mailbox.Mailbox)50 Cos (com.zimbra.cs.account.Cos)32 Test (org.junit.Test)30 NamedEntry (com.zimbra.cs.account.NamedEntry)25 AuthToken (com.zimbra.cs.account.AuthToken)23 Group (com.zimbra.cs.account.Group)23 ArrayList (java.util.ArrayList)23 AccountServiceException (com.zimbra.cs.account.AccountServiceException)22 DistributionList (com.zimbra.cs.account.DistributionList)22