Example 36 with Right
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAttrRight method oneGrantAll.
public void oneGrantAll(AllowOrDeny grant, GetOrSet getOrSet, AllowedAttrs expected) throws Exception {
String testName = "oneGrantAll-" + grant.name() + "-" + getOrSet.name();
System.out.println("Testing " + testName);
/*
* setup authed account
*/
Account authedAcct = globalAdmin;
/*
* grantees
*/
Account GA = provUtil.createDelegatedAdmin(getAddress(testName, "GA"));
/*
* grants
*/
Right allRight;
if (getOrSet.isGet()) {
allRight = ATTR_RIGHT_GET_ALL;
} else {
allRight = ATTR_RIGHT_SET_ALL;
}
/*
* targets
*/
Account TA = createAccount(getAddress(testName, "TA"));
grantRight(authedAcct, TargetType.account, TA, GranteeType.GT_USER, GA, allRight, grant);
verify(GA, TA, getOrSet, expected);
}
Also used :
Account(com.zimbra.cs.account.Account)
CheckAttrRight(com.zimbra.cs.account.accesscontrol.CheckAttrRight)
AdminRight(com.zimbra.cs.account.accesscontrol.AdminRight)
Right(com.zimbra.cs.account.accesscontrol.Right)
Example 37 with Right
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLEffectiveRights method getAllEffectiveRights.
@Test
public void getAllEffectiveRights() throws Exception {
Domain domain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
Account target = provUtil.createAccount(genAcctNameLocalPart("user"), domain);
Account grantee = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), domain);
Account grantingAccount = globalAdmin;
TargetType targetType = TargetType.getTargetType(target);
GranteeType granteeType = GranteeType.GT_USER;
Right right = ADMIN_PRESET_ACCOUNT;
RightCommand.grantRight(prov, grantingAccount, targetType.getCode(), TargetBy.name, target.getName(), granteeType.getCode(), GranteeBy.name, grantee.getName(), null, right.getName(), null);
AllEffectiveRights allEffRights = RightCommand.getAllEffectiveRights(prov, granteeType.getCode(), GranteeBy.name, grantee.getName(), false, false);
Map<TargetType, RightsByTargetType> rbttMap = allEffRights.rightsByTargetType();
RightsByTargetType rbtt = rbttMap.get(targetType);
boolean found = false;
for (RightCommand.RightAggregation rightsByEntries : rbtt.entries()) {
Set<String> targetNames = rightsByEntries.entries();
if (targetNames.contains(target.getName())) {
// this RightAggregation contains our target
// see if it contains out right
EffectiveRights effRights = rightsByEntries.effectiveRights();
List<String> presetRights = effRights.presetRights();
if (presetRights.contains(right.getName())) {
found = true;
}
}
}
assertTrue(found);
}
Also used :
Account(com.zimbra.cs.account.Account)
GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType)
EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights)
AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights)
AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights)
InlineAttrRight(com.zimbra.cs.account.accesscontrol.InlineAttrRight)
Right(com.zimbra.cs.account.accesscontrol.Right)
RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)
RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)
TargetType(com.zimbra.cs.account.accesscontrol.TargetType)
RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)
Domain(com.zimbra.cs.account.Domain)
Test(org.junit.Test)
Example 38 with Right
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLPermissionCache method testDirectGroupMembershipChanged.
@Test
public void testDirectGroupMembershipChanged() throws Exception {
Right right = A_USER_RIGHT_DISTRIBUTION_LIST;
Domain domain = createDomain();
DistributionList grantTarget = createUserDistributionList(GRANTTARGET_USER_GROUP, domain);
DistributionList target = createUserDistributionList(TARGET_USER_GROUP, domain);
Account grantee = createUserAccount(GRANTEE_USER_ACCT, domain);
mProv.addMembers(grantTarget, new String[] { target.getName() });
boolean allow;
grantRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
mProv.removeMembers(grantTarget, new String[] { target.getName() });
allow = accessMgr.canDo(grantee, target, right, false, null);
assertFalse(allow);
mProv.addMembers(grantTarget, new String[] { target.getName() });
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
}
Also used :
GuestAccount(com.zimbra.cs.account.GuestAccount)
Account(com.zimbra.cs.account.Account)
Right(com.zimbra.cs.account.accesscontrol.Right)
Domain(com.zimbra.cs.account.Domain)
DistributionList(com.zimbra.cs.account.DistributionList)
Test(org.junit.Test)
Example 39 with Right
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAll method testGrantee.
/*
* test a particular grantee type and a range of rights for all target types
*/
private void testGrantee() throws Exception {
SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);
/*
* TestGranteeType.GRANTEE_DYNAMIC_GROUP
* GT_USER
* GT_GROUP
* GT_EXT_GROUP
* GT_AUTHUSER
* GT_DOMAIN
* GT_GUEST
* GT_KEY
* GT_PUBLIC
*/
TestGranteeType granteeType = TestGranteeType.GRANTEE_DYNAMIC_GROUP;
// sRights.indexOf(ADMIN_COMBO_ACCOUNT); // inclusive
int beginRight = 0;
// inclusive
int endRight = rights.size() - 1;
int totalTests = TargetType.values().length * rights.size();
int curTest = 1;
for (TargetType targetType : TargetType.values()) {
for (Right right : rights) {
doTest((curTest++) + "/" + totalTests, targetType, granteeType, right, false);
}
}
}
Also used :
TargetType(com.zimbra.cs.account.accesscontrol.TargetType)
RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)
DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)
ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight)
CheckRight(com.zimbra.cs.account.accesscontrol.CheckRight)
UserRight(com.zimbra.cs.account.accesscontrol.UserRight)
AttrRight(com.zimbra.cs.account.accesscontrol.AttrRight)
PresetRight(com.zimbra.cs.account.accesscontrol.PresetRight)
Right(com.zimbra.cs.account.accesscontrol.Right)
Example 40 with Right
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAll method testRight.
/*
* test a particular right for all target types and grantee types
*/
private void testRight() throws Exception {
SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);
Right right = ACLTestUtil.ADMIN_COMBO_ACCOUNT;
int totalTests = TargetType.values().length * TestGranteeType.TEST_GRANTEE_TYPES.size() * rights.size();
int curTest = 1;
for (TargetType targetType : TargetType.values()) {
for (TestGranteeType granteeType : TestGranteeType.TEST_GRANTEE_TYPES) {
boolean skip = EXCLUDE_GRANTEE_TYPES.contains(granteeType.getCode());
doTest((curTest++) + "/" + totalTests, targetType, granteeType, right, skip);
}
}
}
Also used :
ComboRight(com.zimbra.cs.account.accesscontrol.ComboRight)
CheckRight(com.zimbra.cs.account.accesscontrol.CheckRight)
UserRight(com.zimbra.cs.account.accesscontrol.UserRight)
AttrRight(com.zimbra.cs.account.accesscontrol.AttrRight)
PresetRight(com.zimbra.cs.account.accesscontrol.PresetRight)
Right(com.zimbra.cs.account.accesscontrol.Right)
TargetType(com.zimbra.cs.account.accesscontrol.TargetType)
RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)
DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)
Aggregations
Right (com.zimbra.cs.account.accesscontrol.Right)52
Account (com.zimbra.cs.account.Account)38
Domain (com.zimbra.cs.account.Domain)22
Test (org.junit.Test)20
GuestAccount (com.zimbra.cs.account.GuestAccount)17
DistributionList (com.zimbra.cs.account.DistributionList)12
AdminRight (com.zimbra.cs.account.accesscontrol.AdminRight)8
Element (com.zimbra.common.soap.Element)7
Group (com.zimbra.cs.account.Group)7
AttrRight (com.zimbra.cs.account.accesscontrol.AttrRight)7
ComboRight (com.zimbra.cs.account.accesscontrol.ComboRight)7
TargetType (com.zimbra.cs.account.accesscontrol.TargetType)7
UserRight (com.zimbra.cs.account.accesscontrol.UserRight)7
RightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)6
ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)6
ServiceException (com.zimbra.common.service.ServiceException)5
CheckRight (com.zimbra.cs.account.accesscontrol.CheckRight)5
GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)5
PresetRight (com.zimbra.cs.account.accesscontrol.PresetRight)5
ZimbraACE (com.zimbra.cs.account.accesscontrol.ZimbraACE)5
