
Example 11 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class TestACLAttrRight method oneGrantSome.

/**
 * Grants one "some attributes" attr right to a single delegated admin on a
 * single target account, then checks the resulting attribute access.
 *
 * <p>The get or set variant of the right is chosen from {@code getOrSet}; the
 * grant itself is positive or negative according to {@code grant}.
 *
 * @param grant whether the right is granted as allow or as deny
 * @param getOrSet selects the get right or the set right; also passed to verify
 * @param expected expected outcome, passed through to verify
 * @throws Exception if provisioning, granting or verification fails
 */
private void oneGrantSome(AllowOrDeny grant, GetOrSet getOrSet, AllowedAttrs expected) throws Exception {
    final String testName = "oneGrantSome-" + grant.name() + "-" + getOrSet.name();
    System.out.println("Testing " + testName);

    // The grant is issued by the global admin.
    final Account grantor = globalAdmin;

    // Grantee: a freshly created delegated admin.
    final Account granteeAdmin = provUtil.createDelegatedAdmin(getAddress(testName, "GA"));

    // Right under test: the get or the set flavour of the "some" attr right.
    final Right someRight = getOrSet.isGet() ? ATTR_RIGHT_GET_SOME : ATTR_RIGHT_SET_SOME;

    // Target: a freshly created account that receives the grant directly.
    final Account targetAcct = createAccount(getAddress(testName, "TA"));
    grantRight(grantor, TargetType.account, targetAcct, GranteeType.GT_USER, granteeAdmin, someRight, grant);

    verify(granteeAdmin, targetAcct, getOrSet, expected);
}
Also used : Account(com.zimbra.cs.account.Account) CheckAttrRight(com.zimbra.cs.account.accesscontrol.CheckAttrRight) AdminRight(com.zimbra.cs.account.accesscontrol.AdminRight) Right(com.zimbra.cs.account.accesscontrol.Right)

Example 12 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class TestACLAll method testAll.

/**
 * Full test: runs doTest once for every combination of target type, test
 * grantee type and right.
 *
 * <p>Grantee types listed in {@code EXCLUDE_GRANTEE_TYPES} are still iterated
 * and still counted in the total; they are handed to doTest with the skip flag
 * set. What doTest does with that flag is not visible here, so the
 * "n/total" label is a progress counter and not a measure of executed checks.
 *
 * @throws Exception if any individual combination fails
 */
private void testAll() throws Exception {
    SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);

    final int totalTests =
            TargetType.values().length * TestGranteeType.TEST_GRANTEE_TYPES.size() * rights.size();

    // Number of combinations dispatched so far; the label is 1-based.
    int dispatched = 0;
    for (TargetType targetType : TargetType.values()) {
        for (TestGranteeType granteeType : TestGranteeType.TEST_GRANTEE_TYPES) {
            // Decided once per grantee type, independent of the right.
            final boolean skip = EXCLUDE_GRANTEE_TYPES.contains(granteeType.getCode());
            for (Right right : rights) {
                dispatched++;
                final String label = dispatched + "/" + totalTests;
                doTest(label, targetType, granteeType, right, skip);
            }
        }
    }
}
Also used : TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight) CheckRight(com.zimbra.cs.account.accesscontrol.CheckRight) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) AttrRight(com.zimbra.cs.account.accesscontrol.AttrRight) PresetRight(com.zimbra.cs.account.accesscontrol.PresetRight) Right(com.zimbra.cs.account.accesscontrol.Right)

Example 13 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class TestACLNegativeGrant method groupGranteeTest1.

/**
 * Verifies that a deny grant takes precedence over an allow grant when both
 * reach the same account through group membership.
 *
 * <p>The same right is granted on one target account to two unrelated admin
 * groups, allowed for the first and denied for the second. The account under
 * test is a member of both groups.
 *
 * <p>Expected: the account is denied, and the decision is attributed to the
 * negative grant made to the second group.
 *
 * @throws Exception if provisioning, granting or verification fails
 */
@Test
public void groupGranteeTest1() throws Exception {
    final Account grantor = globalAdmin;
    final Right right = ACLTestUtil.ADMIN_PRESET_ACCOUNT;

    // Grantees: one delegated admin that belongs to both admin groups.
    final Account member = provUtil.createDelegatedAdmin(genAcctNameLocalPart("acct"), baseDomain);
    final Group allowGroup = provUtil.createAdminGroup(genAcctNameLocalPart("group1"), baseDomain);
    final Group denyGroup = provUtil.createAdminGroup(genAcctNameLocalPart("group2"), baseDomain);
    prov.addGroupMembers(allowGroup, new String[] { member.getName() });
    prov.addGroupMembers(denyGroup, new String[] { member.getName() });

    // Target: a plain account carrying one allow and one deny grant.
    final Account targetAcct = provUtil.createAccount(genAcctNameLocalPart("target"), baseDomain);
    grantRight(grantor, TargetType.account, targetAcct, GranteeType.GT_GROUP, allowGroup, right, AllowOrDeny.ALLOW);
    grantRight(grantor, TargetType.account, targetAcct, GranteeType.GT_GROUP, denyGroup, right, AllowOrDeny.DENY);

    // The deciding grant must be the negative one made to the deny group.
    final TestViaGrant decidingGrant = new TestViaGrant(
            TargetType.account, targetAcct, GranteeType.GT_GROUP, denyGroup.getName(), right, TestViaGrant.NEGATIVE);
    verify(member, targetAcct, right, AsAdmin.AS_ADMIN, AllowOrDeny.DENY, decidingGrant);
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) Group(com.zimbra.cs.account.Group) Right(com.zimbra.cs.account.accesscontrol.Right) TestViaGrant(com.zimbra.qa.unittest.prov.ldap.ACLTestUtil.TestViaGrant) Test(org.junit.Test)

Example 14 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class TestACLNegativeGrant method targetPrecedence.

/**
 * Verifies which grant decides when the same grantee holds alternating
 * allow/deny grants on every target level above an account.
 *
 * <p>Initial grants, listed from farthest to closest to the target account:
 * <pre>
 *   global grant    (allow)
 *   domain          (deny)
 *   group1          (allow)
 *   group2          (deny)
 *   target account  (allow)
 * </pre>
 * Expected: allow, via the grant on the account itself.
 *
 * <p>The grants are then revoked one at a time, closest first, and after each
 * revocation the next closest grant is expected to decide:
 * <ol>
 *   <li>revoke on the account: deny, via group2</li>
 *   <li>revoke on group2: allow, via group1</li>
 *   <li>revoke on group1: deny, via the domain</li>
 *   <li>revoke on the domain: allow, via the global grant</li>
 *   <li>revoke on the global grant: deny, with no grant left</li>
 * </ol>
 *
 * @throws Exception if provisioning, granting, revoking or verification fails
 */
@Test
public void targetPrecedence() throws Exception {
    final Domain domain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);

    // All grants and revocations are issued by the global admin.
    final Account grantor = globalAdmin;
    final Right right = ACLTestUtil.ADMIN_PRESET_ACCOUNT;

    // Grantee: a delegated admin in the new domain.
    final Account grantee = provUtil.createDelegatedAdmin(genAcctNameLocalPart("grantee"), domain);

    // Level 1: the target account itself.
    final Account target = provUtil.createAccount(genAcctNameLocalPart("target"), domain);
    grantRight(grantor, TargetType.account, target, GranteeType.GT_USER, grantee, right, AllowOrDeny.ALLOW);

    // Level 2: nested distribution lists; the target is in innerList, which is in outerList.
    final DistributionList outerList = provUtil.createDistributionList(genGroupNameLocalPart("group1"), domain);
    final DistributionList innerList = provUtil.createDistributionList(genGroupNameLocalPart("group2"), domain);
    prov.addMembers(outerList, new String[] { innerList.getName() });
    prov.addMembers(innerList, new String[] { target.getName() });
    grantRight(grantor, TargetType.dl, innerList, GranteeType.GT_USER, grantee, right, AllowOrDeny.DENY);
    grantRight(grantor, TargetType.dl, outerList, GranteeType.GT_USER, grantee, right, AllowOrDeny.ALLOW);

    // Level 3: the domain that holds the target account.
    grantRight(grantor, TargetType.domain, domain, GranteeType.GT_USER, grantee, right, AllowOrDeny.DENY);

    // Level 4: the global grant.
    final GlobalGrant globalGrant = prov.getGlobalGrant();
    grantRight(grantor, TargetType.global, null, GranteeType.GT_USER, grantee, right, AllowOrDeny.ALLOW);

    // With every grant in place, the one on the account itself decides.
    final TestViaGrant viaAccount = new TestViaGrant(
            TargetType.account, target, GranteeType.GT_USER, grantee.getName(), right, TestViaGrant.POSITIVE);
    verify(grantee, target, right, AsAdmin.AS_ADMIN, AllowOrDeny.ALLOW, viaAccount);

    // Revoke on the account: the deny on the inner list (group2) takes over.
    revokeRight(grantor, TargetType.account, target, GranteeType.GT_USER, grantee, right, AllowOrDeny.ALLOW);
    final TestViaGrant viaInnerList = new TestViaGrant(
            TargetType.dl, innerList, GranteeType.GT_USER, grantee.getName(), right, TestViaGrant.NEGATIVE);
    verify(grantee, target, right, AsAdmin.AS_ADMIN, AllowOrDeny.DENY, viaInnerList);

    // Revoke on the inner list: the allow on the outer list (group1) takes over.
    revokeRight(grantor, TargetType.dl, innerList, GranteeType.GT_USER, grantee, right, AllowOrDeny.DENY);
    final TestViaGrant viaOuterList = new TestViaGrant(
            TargetType.dl, outerList, GranteeType.GT_USER, grantee.getName(), right, TestViaGrant.POSITIVE);
    verify(grantee, target, right, AsAdmin.AS_ADMIN, AllowOrDeny.ALLOW, viaOuterList);

    // Revoke on the outer list: the deny on the domain takes over.
    revokeRight(grantor, TargetType.dl, outerList, GranteeType.GT_USER, grantee, right, AllowOrDeny.ALLOW);
    final TestViaGrant viaDomain = new TestViaGrant(
            TargetType.domain, domain, GranteeType.GT_USER, grantee.getName(), right, TestViaGrant.NEGATIVE);
    verify(grantee, target, right, AsAdmin.AS_ADMIN, AllowOrDeny.DENY, viaDomain);

    // Revoke on the domain: the allow on the global grant takes over.
    revokeRight(grantor, TargetType.domain, domain, GranteeType.GT_USER, grantee, right, AllowOrDeny.DENY);
    final TestViaGrant viaGlobal = new TestViaGrant(
            TargetType.global, globalGrant, GranteeType.GT_USER, grantee.getName(), right, TestViaGrant.POSITIVE);
    verify(grantee, target, right, AsAdmin.AS_ADMIN, AllowOrDeny.ALLOW, viaGlobal);

    // Revoke on the global grant: no grant is left, so the callsite default is
    // honored and the expected result is deny with no deciding grant.
    revokeRight(grantor, TargetType.global, null, GranteeType.GT_USER, grantee, right, AllowOrDeny.ALLOW);
    // Kept as a typed variable so the same verify overload is selected as for the other steps.
    final TestViaGrant noGrant = null;
    verify(grantee, target, right, AsAdmin.AS_ADMIN, AllowOrDeny.DENY, noGrant);
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GlobalGrant(com.zimbra.cs.account.GlobalGrant) Right(com.zimbra.cs.account.accesscontrol.Right) Domain(com.zimbra.cs.account.Domain) TestViaGrant(com.zimbra.qa.unittest.prov.ldap.ACLTestUtil.TestViaGrant) DistributionList(com.zimbra.cs.account.DistributionList) Test(org.junit.Test)

Example 15 with Right

use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.

the class TestACLPermissionCache method testGrantChangeOnIndirectlyInheritedDistributionList.

/**
 * Checks that granting and revoking a right on a distribution list is
 * reflected immediately in access decisions for a list that inherits from it
 * through an intermediate list.
 *
 * <p>Membership chain: the target list is a member of the sub group, which is
 * a member of the grant target. The right is granted on the grant target
 * only, then revoked, then granted again; {@code canDo} on the target list is
 * expected to answer true, false, true.
 *
 * <p>NOTE(review): given the enclosing class name, the revoke step presumably
 * guards against a stale cached allow surviving the revocation; the cache
 * itself is not visible in this method.
 *
 * @throws Exception if provisioning, granting or revoking fails
 */
@Test
public void testGrantChangeOnIndirectlyInheritedDistributionList() throws Exception {
    final Right right = A_USER_RIGHT_DISTRIBUTION_LIST;
    final Domain domain = createDomain();

    final DistributionList topList = createUserDistributionList(GRANTTARGET_USER_GROUP, domain);
    final DistributionList middleList = createUserDistributionList(SUBGROUP_OF_GRANTTARGET_USER_GROUP, domain);
    final DistributionList leafList = createUserDistributionList(TARGET_USER_GROUP, domain);
    final Account grantee = createUserAccount(GRANTEE_USER_ACCT, domain);

    // leafList -> middleList -> topList: the leaf inherits from the top only indirectly.
    mProv.addMembers(topList, new String[] { middleList.getName() });
    mProv.addMembers(middleList, new String[] { leafList.getName() });

    // Grant on the top list: the leaf must be reachable.
    grantRight(TargetType.dl, topList, GranteeType.GT_USER, grantee, right);
    assertTrue(accessMgr.canDo(grantee, leafList, right, false, null));

    // Revoke: the earlier allow must no longer be returned.
    revokeRight(TargetType.dl, topList, GranteeType.GT_USER, grantee, right);
    assertFalse(accessMgr.canDo(grantee, leafList, right, false, null));

    // Grant again: the earlier deny must no longer be returned either.
    grantRight(TargetType.dl, topList, GranteeType.GT_USER, grantee, right);
    assertTrue(accessMgr.canDo(grantee, leafList, right, false, null));
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) Right(com.zimbra.cs.account.accesscontrol.Right) Domain(com.zimbra.cs.account.Domain) DistributionList(com.zimbra.cs.account.DistributionList) Test(org.junit.Test)

Aggregations

Right (com.zimbra.cs.account.accesscontrol.Right)52 Account (com.zimbra.cs.account.Account)38 Domain (com.zimbra.cs.account.Domain)22 Test (org.junit.Test)20 GuestAccount (com.zimbra.cs.account.GuestAccount)17 DistributionList (com.zimbra.cs.account.DistributionList)12 AdminRight (com.zimbra.cs.account.accesscontrol.AdminRight)8 Element (com.zimbra.common.soap.Element)7 Group (com.zimbra.cs.account.Group)7 AttrRight (com.zimbra.cs.account.accesscontrol.AttrRight)7 ComboRight (com.zimbra.cs.account.accesscontrol.ComboRight)7 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)7 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)7 RightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)6 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)6 ServiceException (com.zimbra.common.service.ServiceException)5 CheckRight (com.zimbra.cs.account.accesscontrol.CheckRight)5 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)5 PresetRight (com.zimbra.cs.account.accesscontrol.PresetRight)5 ZimbraACE (com.zimbra.cs.account.accesscontrol.ZimbraACE)5