
Example 1 with ShareInfoData

use of com.zimbra.cs.account.ShareInfoData in project zm-mailbox by Zimbra.

the class AclPushSerializerTest method setUp.

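/**
 * Builds the {@code sid} fixture: a single user grant (type "usr", right "r") on folder item 258.
 *
 * @throws Exception if a setter or an ACL string conversion fails; the exception is left to propagate
 *         so that JUnit reports the real cause and stack trace
 */
@Before
public void setUp() throws Exception {
    // No try/catch: the method already declares "throws Exception". Catching here and calling
    // fail() with a fixed message would discard the original exception and its stack trace.
    sid = new ShareInfoData();
    sid.setGranteeId("7ad43260-e8c0-423a-a3e5-bdaa51ec11d5");
    sid.setGranteeName("user3@rdesai.local");
    sid.setGranteeType(ACL.stringToType("usr"));
    sid.setItemId(258);
    sid.setItemUuid("886d073c-00d5-429e-b8d3-4f7385d32109");
    // The path contains ';', the same character the serialized share strings in
    // testDeserialize place between fields.
    sid.setPath("/Inbox/Test; Bed");
    sid.setFolderDefaultView(MailItem.Type.MESSAGE);
    sid.setRights(ACL.stringToRights("r"));
    sid.setType(MailItem.Type.FOLDER);
}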
Also used : ShareInfoData(com.zimbra.cs.account.ShareInfoData) Before(org.junit.Before)

Example 2 with ShareInfoData

use of com.zimbra.cs.account.ShareInfoData in project zm-mailbox by Zimbra.

the class AclPushSerializerTest method testDeserialize.

/**
	 * Test method for
	 * {@link com.zimbra.cs.mailbox.acl.AclPushSerializer#deserialize(java.lang.String)}
	 * .
	 */
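@Test
public void testDeserialize() {
    // Every input is a serialized share: "key:value" fields joined by ';'. The four cases differ only
    // in how folderPath spells a semicolon.
    //
    // NOTE(review): no case covers a folderPath whose text after a raw ';' itself has the form
    // "key:value". Consider adding one that asserts grantee and rights come back unchanged, because
    // callers make access decisions from the deserialized grantee fields.

    // Case 1: raw ';' inside folderPath is still returned as part of the path.
    String shareInfoData = "granteeId:7ad43260-e8c0-423a-a3e5-bdaa51ec11d5;granteeName:user3@rdesai.local;granteeType:usr;folderId:258;" + "folderUuid:886d073c-00d5-429e-b8d3-4f7385d32109;folderPath:/Inbox/Test; Bed;folderDefaultView:message;rights:r;type:folder";
    try {
        ShareInfoData data = AclPushSerializer.deserialize(shareInfoData);
        String path = data.getPath();
        Assert.assertEquals("/Inbox/Test; Bed", path);

        // Case 2: the escaped form "*ASCII59*" is decoded back to ';'.
        shareInfoData = "granteeId:7ad43260-e8c0-423a-a3e5-bdaa51ec11d5;granteeName:user3@rdesai.local;granteeType:usr;folderId:258;" + "folderUuid:886d073c-00d5-429e-b8d3-4f7385d32109;folderPath:/Inbox/Test*ASCII59* Bed;folderDefaultView:message;rights:r;type:folder";
        data = AclPushSerializer.deserialize(shareInfoData);
        path = data.getPath();
        Assert.assertEquals("/Inbox/Test; Bed", path);

        // Case 3: "ASCII59" without the surrounding '*' is ordinary text and must not be decoded.
        shareInfoData = "granteeId:7ad43260-e8c0-423a-a3e5-bdaa51ec11d5;granteeName:user3@rdesai.local;granteeType:usr;folderId:258;" + "folderUuid:886d073c-00d5-429e-b8d3-4f7385d32109;folderPath:/Inbox/TestASCII59 Bed;folderDefaultView:message;rights:r;type:folder";
        data = AclPushSerializer.deserialize(shareInfoData);
        path = data.getPath();
        Assert.assertEquals("/Inbox/TestASCII59 Bed", path);

        // Case 4: several escaped semicolons in one path are all decoded.
        shareInfoData = "granteeId:7ad43260-e8c0-423a-a3e5-bdaa51ec11d5;granteeName:user3@rdesai.local;granteeType:usr;" + "folderId:258;folderUuid:886d073c-00d5-429e-b8d3-4f7385d32109;folderPath:/Inbox/Test*ASCII59* Bed*ASCII59* " + "123;folderDefaultView:message;rights:r;type:folder";
        data = AclPushSerializer.deserialize(shareInfoData);
        path = data.getPath();
        Assert.assertEquals("/Inbox/Test; Bed; 123", path);
    } catch (Exception e) {
        // Attach the cause to the failure so it shows up in the test report; printStackTrace()
        // followed by a bare fail() left the report without the reason.
        throw new AssertionError("Should have not thrown a exception.", e);
    }
}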
Also used : ShareInfoData(com.zimbra.cs.account.ShareInfoData) Test(org.junit.Test)

Example 3 with ShareInfoData

use of com.zimbra.cs.account.ShareInfoData in project zm-mailbox by Zimbra.

the class SoapProvisioning method getShareInfo.

/**
 * Sends a GetShareInfo request for {@code ownerAcct} and hands every share in the response to
 * {@code visitor}, one at a time, in the order the response lists them.
 *
 * @param ownerAcct account used to build the request selector
 * @param visitor   callback that receives each share as a {@link ShareInfoData}
 * @throws ServiceException declared by this method; presumably raised by the request or by the
 *         visitor (neither is visible here)
 */
@Override
public void getShareInfo(Account ownerAcct, PublishedShareInfoVisitor visitor) throws ServiceException {
    GetShareInfoRequest request = new GetShareInfoRequest(getSelector(ownerAcct));
    GetShareInfoResponse response = invokeJaxb(request);
    for (com.zimbra.soap.type.ShareInfo jaxbShare : response.getShares()) {
        // The share arrives in its JAXB form; the visitor only ever sees the converted ShareInfoData.
        // NOTE(review): the values come from the SOAP response and are passed on as received here;
        // confirm that fromJaxbShareInfo or the visitor validates them where it matters.
        visitor.visit(ShareInfoData.fromJaxbShareInfo(jaxbShare));
    }
}
Also used : ShareInfoData(com.zimbra.cs.account.ShareInfoData)

Example 4 with ShareInfoData

use of com.zimbra.cs.account.ShareInfoData in project zm-mailbox by Zimbra.

the class ZimbraSoapContext method validateDelegatedAccess.

/**
     * Validate delegation rights. A request for delegated access requires a grant on at least one object in the
     * target account, a sendAs/sendOnBehalfOf right on it, or admin or login rights to it.
     * @param targetAccount - Account that the request targets
     * @param handler - Handler for the request - may be null; no validation is done when it reports that it
     *                  handles account harvesting itself
     * @param requestedKey - The key sent in the request that mapped to the target account.
     *                       Passed in so that the error only reports back what was requested (i.e. can't harvest
     *                       accountId if you only know the email or vice-versa)
     * @param requestName - The SOAP request name - may be null
     * @throws ServiceException if none of the checks passes
     */
private void validateDelegatedAccess(Account targetAccount, DocumentHandler handler, QName requestName, String requestedKey) throws ServiceException {
    // Account-harvesting defense for delegated requests: returns normally as soon as one of the
    // four cases below holds, otherwise throws DEFEND_ACCOUNT_HARVEST at the end.
    // requestName is not read anywhere in this method.
    if (!isDelegatedRequest()) {
        // not a delegated request, nothing to validate
        return;
    }
    if ((handler != null) && handler.handlesAccountHarvesting()) {
        // the handler declares that it deals with account harvesting itself
        return;
    }
    // If delegated, one of the following MUST be true:
    // 1. authed account is an admin AND has admin rights for the target
    // 2. authed account has been granted access (i.e. login) to the target account
    // 3. target account has shared at least one item with authed account or enclosing group/cos/domain
    // 4. target account has granted sendAs or sendOnBehalfOf right to authed account
    Account authAccount = null;
    boolean isAdmin = AuthToken.isAnyAdmin(mAuthToken);
    // For a token of the public guest account authAccount stays null, so cases 1 and 2 are skipped
    // and every later check has to cope with a null authAccount.
    if (!GuestAccount.GUID_PUBLIC.equals(mAuthToken.getAccountId())) {
        authAccount = mAuthToken.getAccount();
        // NOTE(review): the third argument differs between the two canAccessAccount calls (true here,
        // false for case 2); presumably it selects the admin check - confirm against AccessManager.
        if (isAdmin && AccessManager.getInstance().canAccessAccount(mAuthToken, targetAccount, true)) {
            //case 1 - admin
            return;
        }
        // An admin token that failed case 1 still passes when the handler declares its own defense
        // against delegated-admin account harvesting.
        if (isAdmin && (handler != null) && handler.defendsAgainstDelegateAdminAccountHarvesting()) {
            return;
        }
        if (AccessManager.getInstance().canAccessAccount(mAuthToken, targetAccount, false)) {
            //case 2 - access rights
            return;
        }
    }
    // externalEmail is only set for an external virtual account; it is what guest grants are matched against.
    String externalEmail = null;
    if (authAccount != null && authAccount.getBooleanAttr(Provisioning.A_zimbraIsExternalVirtualAccount, false)) {
        externalEmail = authAccount.getAttr(Provisioning.A_zimbraExternalUserMailAddress, externalEmail);
    }
    Provisioning prov = Provisioning.getInstance();
    //case 3 - shared items
    // The loop body runs at most twice: once on the current view of the target and, when the target
    // is not on the local server, once more after a reload.
    boolean needRecheck = false;
    do {
        // Each entry is a serialized share string stored on the target account; the grantee fields
        // read below are whatever AclPushSerializer.deserialize extracts from it.
        String[] sharedItems = targetAccount.getSharedItem();
        Set<String> groupIds = null;
        for (String sharedItem : sharedItems) {
            ShareInfoData shareData = AclPushSerializer.deserialize(sharedItem);
            // There is no default branch: a grantee type not listed here grants nothing.
            switch(shareData.getGranteeTypeCode()) {
                case ACL.GRANTEE_USER:
                    if (authAccount != null && authAccount.getId().equals(shareData.getGranteeId())) {
                        return;
                    }
                    break;
                case ACL.GRANTEE_GUEST:
                    // externalEmail is null unless set above, in which case equals() is false.
                    // NOTE(review): assumes getGranteeId() is never null for a guest grant - confirm.
                    if (shareData.getGranteeId().equals(externalEmail)) {
                        return;
                    }
                    break;
                case ACL.GRANTEE_PUBLIC:
                    // A single public share on the target passes every requester, including a null authAccount.
                    return;
                case ACL.GRANTEE_GROUP:
                    // Group ids are only collected here; membership is resolved once, after the loop.
                    if (authAccount != null) {
                        if (groupIds == null) {
                            groupIds = new HashSet<String>();
                        }
                        groupIds.add(shareData.getGranteeId());
                    }
                    break;
                case ACL.GRANTEE_AUTHUSER:
                    if (authAccount != null) {
                        return;
                    }
                    break;
                case ACL.GRANTEE_DOMAIN:
                    if (authAccount != null && authAccount.getDomainId() != null && authAccount.getDomainId().equals(shareData.getGranteeId())) {
                        return;
                    }
                    break;
                case ACL.GRANTEE_COS:
                    if (authAccount != null && authAccount.getCOSId() != null && authAccount.getCOSId().equals(shareData.getGranteeId())) {
                        return;
                    }
                    break;
                case ACL.GRANTEE_KEY:
                    // NOTE(review): this only checks that the token carries some access key; the key is not
                    // compared with this grant here. Confirm that the key is validated elsewhere.
                    if (authAccount instanceof GuestAccount && mAuthToken.getAccessKey() != null) {
                        return;
                    }
                    break;
            }
        }
        // groupIds is non-null only when authAccount is non-null (see GRANTEE_GROUP above).
        if (groupIds != null) {
            for (String groupId : groupIds) {
                if (prov.inACLGroup(authAccount, groupId)) {
                    return;
                }
            }
        }
        if (needRecheck) {
            // second pass done, do not reload again
            break;
        } else if (!Provisioning.onLocalServer(targetAccount)) {
            //if target on different server we might not have up-to-date shared item list
            //reload and check one more time to be sure
            prov.reload(targetAccount);
            needRecheck = true;
        }
    } while (needRecheck);
    //case 4 - sendAs/sendOnBehalfOf
    // NOTE(review): authAccount can still be null here (public guest token); confirm that canDo
    // treats a null grantee as "no right".
    AccessManager accessMgr = AccessManager.getInstance();
    if (accessMgr.canDo(authAccount, targetAccount, Rights.User.R_sendAs, isAdmin) || accessMgr.canDo(authAccount, targetAccount, Rights.User.R_sendOnBehalfOf, isAdmin)) {
        return;
    }
    // Nothing matched: fail with an error built only from the key the caller supplied.
    throw ServiceException.DEFEND_ACCOUNT_HARVEST(requestedKey);
}
Also used : AccessManager(com.zimbra.cs.account.AccessManager) GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GuestAccount(com.zimbra.cs.account.GuestAccount) ShareInfoData(com.zimbra.cs.account.ShareInfoData) Provisioning(com.zimbra.cs.account.Provisioning)

Example 5 with ShareInfoData

use of com.zimbra.cs.account.ShareInfoData in project zm-mailbox by Zimbra.

the class AclPushTask method doWork.

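/**
 * Runs one pass of the pending ACL push.
 *
 * <p>For every mailbox with pending entries up to "now", the account's shared-item list is rebuilt:
 * entries for the pending item ids are dropped and replaced by the serialized grants of those items
 * that still exist and are folders. The pending entries are deleted once all mailboxes are done.
 *
 * <p>Does nothing when {@code supported} is false. No exception leaves this method: a
 * {@link ServiceException} is logged, and any other {@link Throwable} is logged after the pending
 * entries of the items recorded as processed have been deleted.
 */
public static synchronized void doWork() {
    if (!supported) {
        return;
    }
    ZimbraLog.misc.debug("Starting pending ACL push");
    // mailbox id -> list of item ids handled so far in this run; read only in the Throwable handler
    Multimap<Integer, List<Integer>> currentItemIdsProcessed = ArrayListMultimap.create();
    try {
        Date now = new Date();
        Multimap<Integer, Integer> mboxIdToItemIds = DbPendingAclPush.getEntries(now);
        for (int mboxId : mboxIdToItemIds.keySet()) {
            Mailbox mbox;
            List<Integer> itemsProcessed = new ArrayList<Integer>();
            try {
                mbox = MailboxManager.getInstance().getMailboxById(mboxId);
            } catch (ServiceException e) {
                ZimbraLog.misc.info("Exception occurred while getting mailbox for id %s during ACL push", mboxId, e);
                continue;
            }
            Collection<Integer> itemIds = mboxIdToItemIds.get(mboxId);
            MailItem[] items = null;
            try {
                items = mbox.getItemById(null, itemIds, MailItem.Type.UNKNOWN);
            } catch (MailServiceException.NoSuchItemException e) {
                // one or more folders no longer exist
                // With a single id there is nothing left to fetch: items stays null and the stale
                // shared-item entries for that id are simply dropped below.
                if (itemIds.size() > 1) {
                    List<MailItem> itemList = new ArrayList<MailItem>();
                    for (int itemId : itemIds) {
                        try {
                            itemList.add(mbox.getItemById(null, itemId, MailItem.Type.UNKNOWN));
                        } catch (MailServiceException.NoSuchItemException ignored) {
                            // the item is gone; its grants are removed by not re-adding them
                        }
                    }
                    items = itemList.toArray(new MailItem[itemList.size()]);
                }
            }
            Account account = mbox.getAccount();
            String[] existingSharedItems = account.getSharedItem();
            Set<String> updatedSharedItems = new HashSet<String>();
            // Keep the entries of items that are not part of this push; entries of pending items are
            // rebuilt from the current ACLs below.
            for (String sharedItem : existingSharedItems) {
                ShareInfoData shareData = AclPushSerializer.deserialize(sharedItem);
                if (!itemIds.contains(shareData.getItemId())) {
                    updatedSharedItems.add(sharedItem);
                }
            }
            if (items != null) {
                for (MailItem item : items) {
                    if (item == null) {
                        continue;
                    }
                    // for now push the Folder grants to LDAP
                    if (!(item instanceof Folder)) {
                        continue;
                    }
                    ACL acl = item.getACL();
                    if (acl == null) {
                        continue;
                    }
                    for (ACL.Grant grant : acl.getGrants()) {
                        updatedSharedItems.add(AclPushSerializer.serialize(item, grant));
                    }
                    // Register the per-mailbox list once, on its first item. The multimap keeps duplicate
                    // values, so a put per item stored the same list again for every folder.
                    if (itemsProcessed.isEmpty()) {
                        currentItemIdsProcessed.put(mboxId, itemsProcessed);
                    }
                    itemsProcessed.add(item.getId());
                }
            }
            // NOTE(review): items are recorded as processed before this write succeeds. If it fails with
            // a runtime exception, the handler below deletes their pending entries although the new
            // grants were never stored, leaving a stale shared-item list - confirm this is intended.
            account.setSharedItem(updatedSharedItems.toArray(new String[updatedSharedItems.size()]));
        }
        // for
        DbPendingAclPush.deleteEntries(now);
    } catch (ServiceException e) {
        // Pending entries are left in place here, so they are picked up again by a later run.
        ZimbraLog.misc.warn("Error during ACL push task", e);
    } catch (Throwable t) {
        //don't let exceptions kill the timer
        try {
            // We ran into runtime exception, so we want to delete records from ACL
            // table for processed records.
            deleteDbAclEntryForProcessedItems(currentItemIdsProcessed);
        } catch (ServiceException e) {
            // Log the cause as well; without it a failed cleanup cannot be diagnosed.
            ZimbraLog.misc.warn("Error during ACL push task and deleting ACL push entry.", e);
        }
        ZimbraLog.misc.warn("Error during ACL push task", t);
    }
    ZimbraLog.misc.debug("Finished pending ACL push");
}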
Also used : Account(com.zimbra.cs.account.Account) ArrayList(java.util.ArrayList) Folder(com.zimbra.cs.mailbox.Folder) Mailbox(com.zimbra.cs.mailbox.Mailbox) ArrayList(java.util.ArrayList) List(java.util.List) MailServiceException(com.zimbra.cs.mailbox.MailServiceException) HashSet(java.util.HashSet) ShareInfoData(com.zimbra.cs.account.ShareInfoData) ACL(com.zimbra.cs.mailbox.ACL) Date(java.util.Date) MailItem(com.zimbra.cs.mailbox.MailItem) ServiceException(com.zimbra.common.service.ServiceException) MailServiceException(com.zimbra.cs.mailbox.MailServiceException)

Aggregations

ShareInfoData (com.zimbra.cs.account.ShareInfoData)13 Account (com.zimbra.cs.account.Account)6 Provisioning (com.zimbra.cs.account.Provisioning)5 ServiceException (com.zimbra.common.service.ServiceException)4 MailItem (com.zimbra.cs.mailbox.MailItem)4 Mountpoint (com.zimbra.cs.mailbox.Mountpoint)4 Element (com.zimbra.common.soap.Element)3 Domain (com.zimbra.cs.account.Domain)3 GuestAccount (com.zimbra.cs.account.GuestAccount)3 Mailbox (com.zimbra.cs.mailbox.Mailbox)3 HashMap (java.util.HashMap)3 HashSet (java.util.HashSet)3 ZMailbox (com.zimbra.client.ZMailbox)2 ZMountpoint (com.zimbra.client.ZMountpoint)2 AuthTokenException (com.zimbra.cs.account.AuthTokenException)2 Group (com.zimbra.cs.account.Group)2 NamedEntry (com.zimbra.cs.account.NamedEntry)2 SearchAccountsOptions (com.zimbra.cs.account.SearchAccountsOptions)2 Folder (com.zimbra.cs.mailbox.Folder)2 MailServiceException (com.zimbra.cs.mailbox.MailServiceException)2