use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLPermissionCache method testGrantChangeOnIndirectlyInheritedDistributionList.
@Test
public void testGrantChangeOnIndirectlyInheritedDistributionList() throws Exception {
Right right = A_USER_RIGHT_DISTRIBUTION_LIST;
Domain domain = createDomain();
DistributionList grantTarget = createUserDistributionList(GRANTTARGET_USER_GROUP, domain);
DistributionList subGroup = createUserDistributionList(SUBGROUP_OF_GRANTTARGET_USER_GROUP, domain);
DistributionList target = createUserDistributionList(TARGET_USER_GROUP, domain);
Account grantee = createUserAccount(GRANTEE_USER_ACCT, domain);
mProv.addMembers(grantTarget, new String[] { subGroup.getName() });
mProv.addMembers(subGroup, new String[] { target.getName() });
boolean allow;
grantRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
revokeRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertFalse(allow);
grantRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLPermissionCache method testGrantChangeOnTarget.
@Test
public void testGrantChangeOnTarget() throws Exception {
Right right = A_USER_RIGHT;
Domain domain = createDomain();
Account grantTarget = createUserAccount(GRANTTARGET_USER_ACCT, domain);
Account target = grantTarget;
Account grantee = createUserAccount(GRANTEE_USER_ACCT, domain);
boolean allow;
grantRight(TargetType.account, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
revokeRight(TargetType.account, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertFalse(allow);
grantRight(TargetType.account, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLPermissionCache method testGrantChangeOnDirectlyInheritedDistributionList.
@Test
public void testGrantChangeOnDirectlyInheritedDistributionList() throws Exception {
Right right = A_USER_RIGHT_DISTRIBUTION_LIST;
Domain domain = createDomain();
DistributionList grantTarget = createUserDistributionList(GRANTTARGET_USER_GROUP, domain);
DistributionList target = createUserDistributionList(TARGET_USER_GROUP, domain);
Account grantee = createUserAccount(GRANTEE_USER_ACCT, domain);
mProv.addMembers(grantTarget, new String[] { target.getName() });
boolean allow;
grantRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
revokeRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertFalse(allow);
grantRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAll method testTarget.
/*
* test a particular target type and a range of rights for all grantee types
*/
private void testTarget() throws Exception {
SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);
/*
* account
* calresource
* cos
* dl
* group
* domain
* server
* ucservice
* xmppcomponent
* zimlet
* config
* global
*/
TargetType targetType = TargetType.ucservice;
// sRights.indexOf(ADMIN_COMBO_ACCOUNT); // inclusive
int beginRight = 0;
// inclusive
int endRight = rights.size() - 1;
int totalTests = TestGranteeType.TEST_GRANTEE_TYPES.size() * (endRight - beginRight + 1);
int curTest = 1;
for (TestGranteeType granteeType : TestGranteeType.TEST_GRANTEE_TYPES) {
boolean skip = EXCLUDE_GRANTEE_TYPES.contains(granteeType.getCode());
// for (Right right : sRights) {
for (int i = beginRight; i <= endRight; i++) {
Right right = rights.get(i);
doTest((curTest++) + "/" + totalTests, targetType, granteeType, right, skip);
}
}
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLPermissionCache method testGranteeAdminFlagChanged.
@Test
public void testGranteeAdminFlagChanged() throws Exception {
Right right = A_CACHEABLE_ADMIN_RIGHT;
Domain domain = createDomain();
Account grantTarget = createUserAccount(GRANTTARGET_USER_ACCT, domain);
Account target = grantTarget;
Account grantee = createDelegatedAdminAccount(GRANTEE_ADMIN_ACCT, domain);
boolean allow;
grantRight(TargetType.account, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, true, null);
assertTrue(allow);
grantee.setIsDelegatedAdminAccount(false);
try {
allow = accessMgr.canDo(grantee, target, right, true, null);
} catch (ServiceException e) {
if (ServiceException.PERM_DENIED.equals(e.getCode()))
allow = false;
}
assertFalse(allow);
grantee.setIsDelegatedAdminAccount(true);
allow = accessMgr.canDo(grantee, target, right, true, null);
assertTrue(allow);
}
Aggregations