use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAttrRight method oneGrantAll.
public void oneGrantAll(AllowOrDeny grant, GetOrSet getOrSet, AllowedAttrs expected) throws Exception {
String testName = "oneGrantAll-" + grant.name() + "-" + getOrSet.name();
System.out.println("Testing " + testName);
/*
* setup authed account
*/
Account authedAcct = globalAdmin;
/*
* grantees
*/
Account GA = provUtil.createDelegatedAdmin(getAddress(testName, "GA"));
/*
* grants
*/
Right allRight;
if (getOrSet.isGet()) {
allRight = ATTR_RIGHT_GET_ALL;
} else {
allRight = ATTR_RIGHT_SET_ALL;
}
/*
* targets
*/
Account TA = createAccount(getAddress(testName, "TA"));
grantRight(authedAcct, TargetType.account, TA, GranteeType.GT_USER, GA, allRight, grant);
verify(GA, TA, getOrSet, expected);
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLEffectiveRights method getAllEffectiveRights.
@Test
public void getAllEffectiveRights() throws Exception {
Domain domain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
Account target = provUtil.createAccount(genAcctNameLocalPart("user"), domain);
Account grantee = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), domain);
Account grantingAccount = globalAdmin;
TargetType targetType = TargetType.getTargetType(target);
GranteeType granteeType = GranteeType.GT_USER;
Right right = ADMIN_PRESET_ACCOUNT;
RightCommand.grantRight(prov, grantingAccount, targetType.getCode(), TargetBy.name, target.getName(), granteeType.getCode(), GranteeBy.name, grantee.getName(), null, right.getName(), null);
AllEffectiveRights allEffRights = RightCommand.getAllEffectiveRights(prov, granteeType.getCode(), GranteeBy.name, grantee.getName(), false, false);
Map<TargetType, RightsByTargetType> rbttMap = allEffRights.rightsByTargetType();
RightsByTargetType rbtt = rbttMap.get(targetType);
boolean found = false;
for (RightCommand.RightAggregation rightsByEntries : rbtt.entries()) {
Set<String> targetNames = rightsByEntries.entries();
if (targetNames.contains(target.getName())) {
// this RightAggregation contains our target
// see if it contains out right
EffectiveRights effRights = rightsByEntries.effectiveRights();
List<String> presetRights = effRights.presetRights();
if (presetRights.contains(right.getName())) {
found = true;
}
}
}
assertTrue(found);
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLPermissionCache method testDirectGroupMembershipChanged.
@Test
public void testDirectGroupMembershipChanged() throws Exception {
Right right = A_USER_RIGHT_DISTRIBUTION_LIST;
Domain domain = createDomain();
DistributionList grantTarget = createUserDistributionList(GRANTTARGET_USER_GROUP, domain);
DistributionList target = createUserDistributionList(TARGET_USER_GROUP, domain);
Account grantee = createUserAccount(GRANTEE_USER_ACCT, domain);
mProv.addMembers(grantTarget, new String[] { target.getName() });
boolean allow;
grantRight(TargetType.dl, grantTarget, GranteeType.GT_USER, grantee, right);
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
mProv.removeMembers(grantTarget, new String[] { target.getName() });
allow = accessMgr.canDo(grantee, target, right, false, null);
assertFalse(allow);
mProv.addMembers(grantTarget, new String[] { target.getName() });
allow = accessMgr.canDo(grantee, target, right, false, null);
assertTrue(allow);
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAll method testGrantee.
/*
* test a particular grantee type and a range of rights for all target types
*/
private void testGrantee() throws Exception {
SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);
/*
* TestGranteeType.GRANTEE_DYNAMIC_GROUP
* GT_USER
* GT_GROUP
* GT_EXT_GROUP
* GT_AUTHUSER
* GT_DOMAIN
* GT_GUEST
* GT_KEY
* GT_PUBLIC
*/
TestGranteeType granteeType = TestGranteeType.GRANTEE_DYNAMIC_GROUP;
// sRights.indexOf(ADMIN_COMBO_ACCOUNT); // inclusive
int beginRight = 0;
// inclusive
int endRight = rights.size() - 1;
int totalTests = TargetType.values().length * rights.size();
int curTest = 1;
for (TargetType targetType : TargetType.values()) {
for (Right right : rights) {
doTest((curTest++) + "/" + totalTests, targetType, granteeType, right, false);
}
}
}
use of com.zimbra.cs.account.accesscontrol.Right in project zm-mailbox by Zimbra.
the class TestACLAll method testRight.
/*
* test a particular right for all target types and grantee types
*/
private void testRight() throws Exception {
SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);
Right right = ACLTestUtil.ADMIN_COMBO_ACCOUNT;
int totalTests = TargetType.values().length * TestGranteeType.TEST_GRANTEE_TYPES.size() * rights.size();
int curTest = 1;
for (TargetType targetType : TargetType.values()) {
for (TestGranteeType granteeType : TestGranteeType.TEST_GRANTEE_TYPES) {
boolean skip = EXCLUDE_GRANTEE_TYPES.contains(granteeType.getCode());
doTest((curTest++) + "/" + totalTests, targetType, granteeType, right, skip);
}
}
}
Aggregations