Search in sources :

Example 1 with RightsByTargetType

use of com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType in project zm-mailbox by Zimbra.

the class TestACLAll method isRightInGetAllEffectiveRights.

private boolean isRightInGetAllEffectiveRights(AllEffectiveRights allEffRights, Account grantee, Entry target, Right right, RightType rightType, boolean allAttrs, Set<String> attrs) throws ServiceException {
    TargetType targetType = TargetType.getTargetType(target);
    Map<TargetType, RightsByTargetType> rbttMap = allEffRights.rightsByTargetType();
    RightsByTargetType rbtt = rbttMap.get(targetType);
    if (rbtt != null) {
        boolean found = false;
        // all entries
        EffectiveRights effRights = rbtt.all();
        if (effRights != null) {
            found = isRightInEffectiveRights(effRights, right, rightType, allAttrs, attrs);
            if (found) {
                return true;
            }
        }
        // check domained entries
        if (rbtt instanceof DomainedRightsByTargetType) {
            DomainedRightsByTargetType domainedRights = (DomainedRightsByTargetType) rbtt;
            for (RightAggregation rightsByDomains : domainedRights.domains()) {
                found = isRightInRightAggregation(rightsByDomains, true, target, right, rightType, allAttrs, attrs);
                if (found) {
                    return true;
                }
            }
        }
        // check individual entry
        for (RightCommand.RightAggregation rightsByEntries : rbtt.entries()) {
            found = isRightInRightAggregation(rightsByEntries, false, target, right, rightType, allAttrs, attrs);
            if (found) {
                return true;
            }
        }
    }
    return false;
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) RightAggregation(com.zimbra.cs.account.accesscontrol.RightCommand.RightAggregation) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) RightAggregation(com.zimbra.cs.account.accesscontrol.RightCommand.RightAggregation) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Example 2 with RightsByTargetType

use of com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType in project zm-mailbox by Zimbra.

the class TestACLEffectiveRights method getAllEffectiveRights.

@Test
public void getAllEffectiveRights() throws Exception {
    Domain domain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
    Account target = provUtil.createAccount(genAcctNameLocalPart("user"), domain);
    Account grantee = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), domain);
    Account grantingAccount = globalAdmin;
    TargetType targetType = TargetType.getTargetType(target);
    GranteeType granteeType = GranteeType.GT_USER;
    Right right = ADMIN_PRESET_ACCOUNT;
    RightCommand.grantRight(prov, grantingAccount, targetType.getCode(), TargetBy.name, target.getName(), granteeType.getCode(), GranteeBy.name, grantee.getName(), null, right.getName(), null);
    AllEffectiveRights allEffRights = RightCommand.getAllEffectiveRights(prov, granteeType.getCode(), GranteeBy.name, grantee.getName(), false, false);
    Map<TargetType, RightsByTargetType> rbttMap = allEffRights.rightsByTargetType();
    RightsByTargetType rbtt = rbttMap.get(targetType);
    boolean found = false;
    for (RightCommand.RightAggregation rightsByEntries : rbtt.entries()) {
        Set<String> targetNames = rightsByEntries.entries();
        if (targetNames.contains(target.getName())) {
            // this RightAggregation contains our target
            // see if it contains out right
            EffectiveRights effRights = rightsByEntries.effectiveRights();
            List<String> presetRights = effRights.presetRights();
            if (presetRights.contains(right.getName())) {
                found = true;
            }
        }
    }
    assertTrue(found);
}
Also used : Account(com.zimbra.cs.account.Account) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) InlineAttrRight(com.zimbra.cs.account.accesscontrol.InlineAttrRight) Right(com.zimbra.cs.account.accesscontrol.Right) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) Domain(com.zimbra.cs.account.Domain) Test(org.junit.Test)

Aggregations

RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)2 AllEffectiveRights (com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights)2 EffectiveRights (com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights)2 RightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)2 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)2 Account (com.zimbra.cs.account.Account)1 Domain (com.zimbra.cs.account.Domain)1 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)1 InlineAttrRight (com.zimbra.cs.account.accesscontrol.InlineAttrRight)1 Right (com.zimbra.cs.account.accesscontrol.Right)1 DomainedRightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)1 RightAggregation (com.zimbra.cs.account.accesscontrol.RightCommand.RightAggregation)1 Test (org.junit.Test)1