Example 6 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class TestACLEffectiveRights method bug70206.

@Bug(bug = 70206)
@Test
public void bug70206() throws Exception {
    Account acct = provUtil.createDelegatedAdmin(genAcctNameLocalPart(), domain);
    Group group = provUtil.createGroup(genGroupNameLocalPart(), domain, false);
    Account grantingAccount = globalAdmin;
    String presetRightUnderTest = Right.RT_deleteDistributionList;
    String attrUnderTest = Provisioning.A_zimbraHideInGal;
    String attrRightUnderTest = InlineAttrRight.composeSetRight(TargetType.dl, attrUnderTest);
    // grant a combo right on global level
    RightCommand.grantRight(prov, grantingAccount, TargetType.global.getCode(), null, null, GranteeType.GT_USER.getCode(), GranteeBy.name, acct.getName(), null, Right.RT_adminConsoleDLRights, null);
    // deny a preset right (in the combo right) on global level
    RightCommand.grantRight(prov, grantingAccount, TargetType.global.getCode(), null, null, GranteeType.GT_USER.getCode(), GranteeBy.name, acct.getName(), null, presetRightUnderTest, RightModifier.RM_DENY);
    // grant the attr right on the target
    RightCommand.grantRight(prov, grantingAccount, TargetType.dl.getCode(), TargetBy.name, group.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, acct.getName(), null, attrRightUnderTest, null);
    // deny an attr right (in the combo right) on global level
    RightCommand.grantRight(prov, grantingAccount, TargetType.global.getCode(), null, null, GranteeType.GT_USER.getCode(), GranteeBy.name, acct.getName(), null, attrRightUnderTest, RightModifier.RM_DENY);
    // grant the preset right on the target
    RightCommand.grantRight(prov, grantingAccount, TargetType.dl.getCode(), TargetBy.name, group.getName(), GranteeType.GT_USER.getCode(), GranteeBy.name, acct.getName(), null, presetRightUnderTest, null);
    EffectiveRights effRights = RightCommand.getEffectiveRights(prov, TargetType.dl.getCode(), TargetBy.name, group.getName(), GranteeBy.name, acct.getName(), false, false);
    List<String> presetRights = effRights.presetRights();
    SortedMap<String, EffectiveAttr> setAttrRights = effRights.canSetAttrs();
    /*
        for (String right : presetRights) {
            System.out.println(right);
        }
        */
    assertTrue(presetRights.contains(Right.RT_deleteDistributionList));
    assertTrue(setAttrRights.containsKey(attrUnderTest));
}
Also used : Account(com.zimbra.cs.account.Account) Group(com.zimbra.cs.account.Group) EffectiveAttr(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveAttr) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) Bug(com.zimbra.qa.QA.Bug) Test(org.junit.Test)

Example 7 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class TestACLAll method getEffectiveRights.

private EffectiveRights getEffectiveRights(Account grantee, Entry target) {
    EffectiveRights effRights = null;
    boolean expectFailure = !grantee.isIsDelegatedAdminAccount();
    try {
        effRights = RightCommand.getEffectiveRights(prov, TargetType.getTargetType(target).getCode(), TargetBy.name, target.getLabel(), GranteeBy.name, grantee.getName(), false, false);
    } catch (ServiceException e) {
        // The only expected exception is when the grantee is not a delegated admin
        if (!expectFailure) {
            e.printStackTrace();
            fail();
        }
    }
    if (expectFailure) {
        assertNull(effRights);
    } else {
        assertNotNull(effRights);
    }
    return effRights;
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) ServiceException(com.zimbra.common.service.ServiceException)

Example 8 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class TestACLAll method isRightInRightAggregation.

/*
 * RightType rightType, boolean allAttrs, Set<String> attrs
 * are params for attr rights; they are the criteria of the rights
 * we are looking for.  It would be wrong to just pass the AttrRight
 * object from callsites, since that's the granted right.
 *
 * If we always pass the granted right, we can't test negative cases like:
 * the granted right is a getAttrs right and we want to verify that
 * setAttrs rights are not found.
 *
 * For preset rights, currently the right passed is always the granted
 * right.  Callsites can be changed to pass other rights if needed.  We
 * currently don't have such test cases.
 */
private boolean isRightInRightAggregation(RightAggregation rightAggr, boolean domainScope, Entry target, Right right, RightType rightType, boolean allAttrs, Set<String> attrs) {
    EffectiveRights effRights = rightAggr.effectiveRights();
    for (String entry : rightAggr.entries()) {
        boolean matchTarget = false;
        if (domainScope) {
            Domain domain = null;
            try {
                domain = TargetType.getTargetDomain(prov, target);
            } catch (ServiceException e) {
                e.printStackTrace();
                fail();
            }
            assertNotNull(domain);
            matchTarget = entry.equals(domain.getName());
        } else {
            matchTarget = entry.equals(target.getLabel());
        }
        if (!matchTarget) {
            continue;
        }
        boolean found = isRightInEffectiveRights(effRights, right, rightType, allAttrs, attrs);
        if (found) {
            return true;
        }
    }
    return false;
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) ServiceException(com.zimbra.common.service.ServiceException) LdapDomain(com.zimbra.cs.account.ldap.entry.LdapDomain) Domain(com.zimbra.cs.account.Domain)

Example 9 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class TestACLAll method verifyPresetRight.

private void verifyPresetRight(Account grantee, Entry target, Right right, boolean expectedResult) throws ServiceException {
    //
    // verify canDo
    //
    boolean allow = false;
    try {
        allow = accessMgr.canDo(grantee, target, right, asAdmin(grantee), null);
    } catch (ServiceException e) {
        // the only reasonable exception is PERM_DENIED
        if (!ServiceException.PERM_DENIED.equals(e.getCode())) {
            fail();
        }
    }
    assertEquals(expectedResult, allow);
    //
    // verify getEffectiveRights
    //
    EffectiveRights effRights = getEffectiveRights(grantee, target);
    if (effRights != null) {
        allow = isPresetRightInEffectiveRights(effRights, right);
        assertEquals(expectedResult && !right.isUserRight(), allow);
    }
    //
    // verify getAllEffectiveRights
    //
    AllEffectiveRights allEffRights = getAllEffectiveRights(grantee);
    if (allEffRights != null) {
        allow = isRightInGetAllEffectiveRights(allEffRights, grantee, target, right, null, false, null);
        assertEquals(expectedResult && !right.isUserRight(), allow);
    }
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) ServiceException(com.zimbra.common.service.ServiceException)

Example 10 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class TestACLAll method verifySetAttrs.

private void verifySetAttrs(Account grantee, Entry target, AttrRight attrRight, boolean canGrantBeInheritedForCreate, Set<String> attrs, boolean expectedResult) throws ServiceException {
    boolean allow = false;
    // verify canSetAttrs
    try {
        allow = accessMgr.canSetAttrs(grantee, target, attrs, true);
    } catch (ServiceException e) {
        // the only reasonable exception is PERM_DENIED
        if (!ServiceException.PERM_DENIED.equals(e.getCode())) {
            fail();
        }
    }
    assertEquals(expectedResult, allow);
    //
    // verify getEffectiveRights
    //
    EffectiveRights effRights = getEffectiveRights(grantee, target);
    if (effRights != null) {
        allow = isAttrRightInEffectiveRights(effRights, RightType.setAttrs, attrRight.allAttrs(), attrs);
        assertEquals(expectedResult, allow);
    }
    //
    // verify getAllEffectiveRights
    //
    AllEffectiveRights allEffRights = getAllEffectiveRights(grantee);
    if (allEffRights != null) {
        allow = isRightInGetAllEffectiveRights(allEffRights, grantee, target, attrRight, RightType.setAttrs, attrRight.allAttrs(), attrs);
        assertEquals(expectedResult, allow);
    }
    //
    // verify getCreateObjectAttrs
    //
    EffectiveRights effRightsCreate = getCreateObjectAttrs(grantee, target);
    if (effRightsCreate != null) {
        // Note: only inherited attr rights should be expected
        allow = isAttrRightInEffectiveRights(effRightsCreate, RightType.setAttrs, attrRight.allAttrs(), attrs);
        assertEquals(expectedResult && canGrantBeInheritedForCreate, allow);
    }
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) ServiceException(com.zimbra.common.service.ServiceException)