Examples with EffectiveRights com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights used on opensource projects

Example 16 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method computeRightsInheritedFromGlobalGrant.

private void computeRightsInheritedFromGlobalGrant() throws ServiceException {
    for (TargetType tt : TargetType.values()) {
        Entry targetEntry;
        if (tt == TargetType.global) {
            targetEntry = mProv.getGlobalGrant();
        } else if (tt == TargetType.config) {
            targetEntry = mProv.getConfig();
        } else {
            targetEntry = PseudoTarget.createPseudoTarget(mProv, tt, null, null, true, null, null);
        }
        EffectiveRights er = new EffectiveRights(tt.getCode(), TargetType.getId(targetEntry), targetEntry.getLabel(), mGrantee.getId(), mGrantee.getName());
        CollectEffectiveRights.getEffectiveRights(mGrantee, targetEntry, mExpandSetAttrs, mExpandGetAttrs, er);
        mResult.setAll(tt, er);
    }
}

Example 17 with EffectiveRights

use of com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights in project zm-mailbox by Zimbra.

the class CollectAllEffectiveRights method computeRightsOnGroupShape.

/*
     * We do not have a group scope in AllEffectiveRights.
     *
     * Reasons:
     *     1. If we return something like:
     *           have effective rights X, Y, Z on members in groups A, B, C
     *           have effective rights P, Q, R on members in groups M, N
     *        then client will have to figure out if an account/cr/dl are in which groups.
     *
     *     2. If a group-ed(i.e. account/cr/dl) are in multiple groups, that's even messier
     *        for the client (admin console).
     *
     * Instead, we classify group-ed entries in groups with grants into "shapes", and
     * represent them in a RightAggregation, like:
     *       - has effective rights X, Y on accounts user1, user5, user8
     *       - has effective rights X on accounts user2, user3, user4
     *       - has effective rights on calendar resources cr1, cr88
     *       - has effective rights on distribution lists dl38, dl99
     */
private void computeRightsOnGroupShape(TargetType targetType, Set<GroupShape> groupShapes, Set<String> entryIdsHasGrants) throws ServiceException {
    for (GroupShape shape : groupShapes) {
        // get any one member in the shape and use that as a pilot target to get
        // an EffectiveRights.  Note, the pilot target entry itself cannot have
        // any grants or else it will not result in the same EffectiveRights for
        // the group shape.  Entries have grants will be recorded in stage 3; and
        // will overwrite the entry rights recorded here.
        //
        // if for some reason the member cannot be found (e.g. account is deleted
        // but somehow not removed from a group, l=not likely though), just skip
        // to use another one in the shape.
        //
        //
        Entry target = null;
        EffectiveRights er = null;
        for (String memberName : shape.getMembers()) {
            target = TargetType.lookupTarget(mProv, targetType, TargetBy.name, memberName, false);
            if (target != null) {
                String targetId = TargetType.getId(target);
                if (!entryIdsHasGrants.contains(targetId)) {
                    er = new EffectiveRights(targetType.getCode(), targetId, target.getLabel(), mGrantee.getId(), mGrantee.getName());
                    CollectEffectiveRights.getEffectiveRights(mGrantee, target, mExpandSetAttrs, mExpandGetAttrs, er);
                    break;
                }
            // else the member itself has grants, skip it for being used as a pilot target entry
            }
        }
        if (er != null) {
            mResult.addAggregation(targetType, shape.getMembers(), er);
        }
    }
}