Example 11 with AdminRight
use of com.zimbra.cs.account.accesscontrol.AdminRight in project zm-mailbox by Zimbra.
the class GetRightsDoc method genDomainAdminRights.
// handle dynamic group
@ACLTODO
private void genDomainAdminRights(Map<String, Object> context, Element response) throws ServiceException {
Element eDomainAdmin = response.addElement("domainAdmin-copypaste-to-zimbra-rights-domainadmin-xml-template");
SoapEngine engine = (SoapEngine) context.get(SoapEngine.ZIMBRA_ENGINE);
DocumentDispatcher dispatcher = engine.getDocumentDispatcher();
Map<QName, DocumentHandler> handlers = dispatcher.getHandlers();
// keys are sorted by targetType
// values are sets sorted by attr name
Map<TargetType, TreeSet<String>> rights = new TreeMap<TargetType, TreeSet<String>>();
for (TargetType tt : TargetType.values()) rights.put(tt, new TreeSet<String>());
// add our domain admin attr rights, which are generated by RightManager
rights.get(TargetType.account).add(Admin.R_setDomainAdminAccountAndCalendarResourceAttrs.getName());
rights.get(TargetType.calresource).add(Admin.R_setDomainAdminAccountAndCalendarResourceAttrs.getName());
rights.get(TargetType.calresource).add(Admin.R_setDomainAdminCalendarResourceAttrs.getName());
rights.get(TargetType.dl).add(Admin.R_setDomainAdminDistributionListAttrs.getName());
rights.get(TargetType.domain).add(Admin.R_setDomainAdminDomainAttrs.getName());
for (Map.Entry<QName, DocumentHandler> handler : handlers.entrySet()) {
DocumentHandler soapHandler = handler.getValue();
// only works for AdminDocumentHandler
if (soapHandler instanceof AdminRightCheckPoint && soapHandler instanceof AdminDocumentHandler) {
AdminDocumentHandler adminHandler = (AdminDocumentHandler) soapHandler;
if (adminHandler.domainAuthSufficient(context)) {
List<AdminRight> relatedRights = new ArrayList<AdminRight>();
List<String> notes = new ArrayList<String>();
adminHandler.docRights(relatedRights, notes);
for (AdminRight r : relatedRights) {
if (r.isPresetRight()) {
TargetType tt = r.getTargetType();
rights.get(tt).add(r.getName());
} else if (r.isAttrRight()) {
Set<TargetType> tts = ((AttrRight) r).getTargetTypes();
for (TargetType tt : tts) rights.get(tt).add(r.getName());
}
}
}
}
}
for (Map.Entry<TargetType, TreeSet<String>> entry : rights.entrySet()) {
TargetType tt = entry.getKey();
if (entry.getValue().size() > 0) {
Element eRight = eDomainAdmin.addElement("right").addAttribute("name", "domainAdmin" + tt.getPrettyName() + "Rights").addAttribute("type", "combo");
eRight.addElement("desc").setText("domain admin " + tt.getCode() + " right");
Element eRights = eRight.addElement("rights");
for (String r : entry.getValue()) {
eRights.addElement("r").addAttribute("n", r);
}
}
}
}
Also used :
Set(java.util.Set)
TreeSet(java.util.TreeSet)
HashSet(java.util.HashSet)
QName(org.dom4j.QName)
Element(com.zimbra.common.soap.Element)
ArrayList(java.util.ArrayList)
SoapEngine(com.zimbra.soap.SoapEngine)
TreeMap(java.util.TreeMap)
DocumentHandler(com.zimbra.soap.DocumentHandler)
AdminRight(com.zimbra.cs.account.accesscontrol.AdminRight)
TreeSet(java.util.TreeSet)
DocumentDispatcher(com.zimbra.soap.DocumentDispatcher)
TargetType(com.zimbra.cs.account.accesscontrol.TargetType)
HashMap(java.util.HashMap)
TreeMap(java.util.TreeMap)
Map(java.util.Map)
Example 12 with AdminRight
use of com.zimbra.cs.account.accesscontrol.AdminRight in project zm-mailbox by Zimbra.
the class TestServerEnumeration method testModifyCalres.
@Test
public void testModifyCalres() throws Exception {
List<AdminRight> relatedRights = new ArrayList<AdminRight>();
List<String> notes = new ArrayList<String>();
AdminDocumentHandler handler = new ModifyCalendarResource();
handler.docRights(relatedRights, notes);
createDelegatedAdmin(relatedRights);
grantRightToAdmin(adminSoapProv, com.zimbra.soap.type.TargetType.fromString(com.zimbra.cs.account.accesscontrol.TargetType.calresource.toString()), MY_CALRES, DELEGATED_ADMIN_NAME, Admin.R_modifyCalendarResource.getName());
adminSoapProv.flushCache(CacheEntryType.acl, null);
ModifyCalendarResourceRequest req = new ModifyCalendarResourceRequest(myCalRes.getId());
req.addAttr(new Attr(Provisioning.A_zimbraMailHost, NON_EXISTING_SERVER));
req.addAttr(new Attr(Provisioning.A_description, "test description"));
try {
delegatedSoapProv.invokeJaxb(req);
fail("should have caught an exception");
} catch (SoapFaultException e) {
assertEquals("should be getting 'Permission Denied' response", ServiceException.PERM_DENIED, e.getCode());
}
}
Also used :
ModifyCalendarResourceRequest(com.zimbra.soap.admin.message.ModifyCalendarResourceRequest)
AdminRight(com.zimbra.cs.account.accesscontrol.AdminRight)
ModifyCalendarResource(com.zimbra.cs.service.admin.ModifyCalendarResource)
ArrayList(java.util.ArrayList)
AdminDocumentHandler(com.zimbra.cs.service.admin.AdminDocumentHandler)
Attr(com.zimbra.soap.admin.type.Attr)
SoapFaultException(com.zimbra.common.soap.SoapFaultException)
Test(org.junit.Test)
Aggregations
AdminRight (com.zimbra.cs.account.accesscontrol.AdminRight)12
ArrayList (java.util.ArrayList)8
SoapFaultException (com.zimbra.common.soap.SoapFaultException)6
AdminDocumentHandler (com.zimbra.cs.service.admin.AdminDocumentHandler)6
Test (org.junit.Test)6
Attr (com.zimbra.soap.admin.type.Attr)4
HashMap (java.util.HashMap)4
HashSet (java.util.HashSet)4
Element (com.zimbra.common.soap.Element)2
Mailbox (com.zimbra.cs.mailbox.Mailbox)2
LockoutMailbox (com.zimbra.cs.service.admin.LockoutMailbox)2
ModifyAccount (com.zimbra.cs.service.admin.ModifyAccount)2
ModifyCalendarResource (com.zimbra.cs.service.admin.ModifyCalendarResource)2
DocumentDispatcher (com.zimbra.soap.DocumentDispatcher)2
DocumentHandler (com.zimbra.soap.DocumentHandler)2
SoapEngine (com.zimbra.soap.SoapEngine)2
LockoutMailboxRequest (com.zimbra.soap.admin.message.LockoutMailboxRequest)2
ModifyAccountRequest (com.zimbra.soap.admin.message.ModifyAccountRequest)2
ModifyCalendarResourceRequest (com.zimbra.soap.admin.message.ModifyCalendarResourceRequest)2
Map (java.util.Map)2
