Examples with RightManager com.zimbra.cs.account.accesscontrol.RightManager used on opensource projects

Search in sources :

Example 1 with RightManager

use of com.zimbra.cs.account.accesscontrol.RightManager in project zm-mailbox by Zimbra.

the class TestGroups method doRightsTestForAccount.

private void doRightsTestForAccount(String acctName, int expected, int adminOnlyExpected) throws ServiceException {
    RightManager rightMgr = RightManager.getInstance();
    Set<Right> rights = Sets.newHashSet();
    rights.add(rightMgr.getUserRight(RightConsts.RT_createDistList));
    Account acct = soapProv.getAccountByName(acctName);
    doGetGroupMembershipWithRights(acct, rights, expected, adminOnlyExpected);
}
Also used : Account(com.zimbra.cs.account.Account) RightManager(com.zimbra.cs.account.accesscontrol.RightManager) Right(com.zimbra.cs.account.accesscontrol.Right)

Example 2 with RightManager

use of com.zimbra.cs.account.accesscontrol.RightManager in project zm-mailbox by Zimbra.

the class GetInfo method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }
    // figure out the subset of data the caller wants (default to all data)
    String secstr = request.getAttribute(AccountConstants.A_SECTIONS, null);
    Set<Section> sections;
    if (secstr != null) {
        sections = EnumSet.noneOf(Section.class);
        for (String sec : Splitter.on(',').omitEmptyStrings().trimResults().split(secstr)) {
            sections.add(Section.lookup(sec));
        }
    } else {
        sections = EnumSet.allOf(Section.class);
    }
    String rightsStr = request.getAttribute(AccountConstants.A_RIGHTS, null);
    Set<Right> rights = null;
    if (rightsStr != null) {
        RightManager rightMgr = RightManager.getInstance();
        rights = Sets.newHashSet();
        for (String right : Splitter.on(',').omitEmptyStrings().trimResults().split(rightsStr)) {
            rights.add(rightMgr.getUserRight(right));
        }
    }
    Element response = zsc.createElement(AccountConstants.GET_INFO_RESPONSE);
    response.addAttribute(AccountConstants.E_VERSION, BuildInfo.FULL_VERSION, Element.Disposition.CONTENT);
    response.addAttribute(AccountConstants.E_ID, account.getId(), Element.Disposition.CONTENT);
    response.addAttribute(AccountConstants.E_NAME, account.getUnicodeName(), Element.Disposition.CONTENT);
    try {
        response.addAttribute(AccountConstants.E_CRUMB, zsc.getAuthToken().getCrumb(), Element.Disposition.CONTENT);
    } catch (AuthTokenException e) {
        // shouldn't happen
        ZimbraLog.account.warn("can't generate crumb", e);
    }
    long lifetime = zsc.getAuthToken().getExpires() - System.currentTimeMillis();
    response.addAttribute(AccountConstants.E_LIFETIME, lifetime, Element.Disposition.CONTENT);
    Provisioning prov = Provisioning.getInstance();
    // bug 53770, return if the request is using a delegated authtoken issued to an admin account
    AuthToken authToken = zsc.getAuthToken();
    if (authToken.isDelegatedAuth()) {
        Account admin = prov.get(AccountBy.id, authToken.getAdminAccountId());
        if (admin != null) {
            boolean isAdmin = AdminAccessControl.isAdequateAdminAccount(admin);
            if (isAdmin) {
                response.addAttribute(AccountConstants.E_ADMIN_DELEGATED, true, Element.Disposition.CONTENT);
            }
        }
    }
    try {
        Server server = prov.getLocalServer();
        if (server != null) {
            response.addAttribute(AccountConstants.A_DOCUMENT_SIZE_LIMIT, server.getFileUploadMaxSize());
        }
        Config config = prov.getConfig();
        if (config != null) {
            long maxAttachSize = config.getMtaMaxMessageSize();
            if (maxAttachSize == 0) {
                maxAttachSize = -1;
            /* means unlimited */
            }
            response.addAttribute(AccountConstants.A_ATTACHMENT_SIZE_LIMIT, maxAttachSize);
        }
    } catch (ServiceException e) {
    }
    if (sections.contains(Section.MBOX) && Provisioning.onLocalServer(account)) {
        response.addAttribute(AccountConstants.E_REST, UserServlet.getRestUrl(account), Element.Disposition.CONTENT);
        try {
            Mailbox mbox = getRequestedMailbox(zsc);
            response.addAttribute(AccountConstants.E_QUOTA_USED, mbox.getSize(), Element.Disposition.CONTENT);
            Session s = (Session) context.get(SoapEngine.ZIMBRA_SESSION);
            if (s instanceof SoapSession) {
                // we have a valid session; get the stats on this session
                response.addAttribute(AccountConstants.E_PREVIOUS_SESSION, ((SoapSession) s).getPreviousSessionTime(), Element.Disposition.CONTENT);
                response.addAttribute(AccountConstants.E_LAST_ACCESS, ((SoapSession) s).getLastWriteAccessTime(), Element.Disposition.CONTENT);
                response.addAttribute(AccountConstants.E_RECENT_MSGS, ((SoapSession) s).getRecentMessageCount(), Element.Disposition.CONTENT);
            } else {
                // we have no session; calculate the stats from the mailbox and the other SOAP sessions
                long lastAccess = mbox.getLastSoapAccessTime();
                response.addAttribute(AccountConstants.E_PREVIOUS_SESSION, lastAccess, Element.Disposition.CONTENT);
                response.addAttribute(AccountConstants.E_LAST_ACCESS, lastAccess, Element.Disposition.CONTENT);
                response.addAttribute(AccountConstants.E_RECENT_MSGS, mbox.getRecentMessageCount(), Element.Disposition.CONTENT);
            }
        } catch (ServiceException e) {
        }
    }
    doCos(account, response);
    Map<String, Object> attrMap = account.getUnicodeAttrs();
    Locale locale = Provisioning.getInstance().getLocale(account);
    if (sections.contains(Section.PREFS)) {
        Element prefs = response.addUniqueElement(AccountConstants.E_PREFS);
        GetPrefs.doPrefs(account, prefs, attrMap, null);
    }
    if (sections.contains(Section.ATTRS)) {
        Element attrs = response.addUniqueElement(AccountConstants.E_ATTRS);
        doAttrs(account, locale.toString(), attrs, attrMap);
    }
    if (sections.contains(Section.ZIMLETS)) {
        Element zimlets = response.addUniqueElement(AccountConstants.E_ZIMLETS);
        doZimlets(zimlets, account);
    }
    if (sections.contains(Section.PROPS)) {
        Element props = response.addUniqueElement(AccountConstants.E_PROPERTIES);
        doProperties(props, account);
    }
    if (sections.contains(Section.IDENTS)) {
        Element ids = response.addUniqueElement(AccountConstants.E_IDENTITIES);
        doIdentities(ids, account);
    }
    if (sections.contains(Section.SIGS)) {
        Element sigs = response.addUniqueElement(AccountConstants.E_SIGNATURES);
        doSignatures(sigs, account);
    }
    if (sections.contains(Section.DSRCS)) {
        Element ds = response.addUniqueElement(AccountConstants.E_DATA_SOURCES);
        doDataSources(ds, account);
    }
    if (sections.contains(Section.CHILDREN)) {
        Element ca = response.addUniqueElement(AccountConstants.E_CHILD_ACCOUNTS);
        doChildAccounts(ca, account, zsc.getAuthToken());
    }
    if (rights != null && !rights.isEmpty()) {
        Element eRights = response.addUniqueElement(AccountConstants.E_RIGHTS);
        doDiscoverRights(eRights, account, rights);
    }
    GetAccountInfo.addUrls(response, account);
    for (GetInfoExt extension : extensions) {
        extension.handle(zsc, response);
    }
    return response;
}
Also used : Locale(java.util.Locale) Account(com.zimbra.cs.account.Account) Server(com.zimbra.cs.account.Server) RightManager(com.zimbra.cs.account.accesscontrol.RightManager) Config(com.zimbra.cs.account.Config) Element(com.zimbra.common.soap.Element) Right(com.zimbra.cs.account.accesscontrol.Right) Provisioning(com.zimbra.cs.account.Provisioning) SoapSession(com.zimbra.cs.session.SoapSession) ServiceException(com.zimbra.common.service.ServiceException) Mailbox(com.zimbra.cs.mailbox.Mailbox) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) AuthTokenException(com.zimbra.cs.account.AuthTokenException) AuthToken(com.zimbra.cs.account.AuthToken) SoapSession(com.zimbra.cs.session.SoapSession) Session(com.zimbra.cs.session.Session)

Example 3 with RightManager

use of com.zimbra.cs.account.accesscontrol.RightManager in project zm-mailbox by Zimbra.

the class DiscoverRights method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }
    RightManager rightMgr = RightManager.getInstance();
    Set<Right> rights = Sets.newHashSet();
    for (Element eRight : request.listElements(AccountConstants.E_RIGHT)) {
        UserRight r = rightMgr.getUserRight(eRight.getText());
        rights.add(r);
    }
    if (rights.size() == 0) {
        throw ServiceException.INVALID_REQUEST("no right is specified", null);
    }
    Element response = zsc.createElement(AccountConstants.DISCOVER_RIGHTS_RESPONSE);
    discoverRights(account, rights, response, true);
    return response;
}
Also used : Account(com.zimbra.cs.account.Account) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) RightManager(com.zimbra.cs.account.accesscontrol.RightManager) Element(com.zimbra.common.soap.Element) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) Right(com.zimbra.cs.account.accesscontrol.Right)

Example 4 with RightManager

use of com.zimbra.cs.account.accesscontrol.RightManager in project zm-mailbox by Zimbra.

the class TestGroups method ENABLE_FOR_PERFORMANCE_TESTStestCustomDynamicGroups.

/**
     * For testing performance (after adjusting setup parameters) - see Bug 89504
     */
public void ENABLE_FOR_PERFORMANCE_TESTStestCustomDynamicGroups() throws Exception {
    long start = System.currentTimeMillis();
    RightManager rightMgr = RightManager.getInstance();
    Set<Right> rights = Sets.newHashSet();
    rights.add(rightMgr.getUserRight(RightConsts.RT_createDistList));
    Thread[] threads = new Thread[80];
    for (int i = 0; i < threads.length; i++) {
        String acctName = String.format(acctPatt, i % 10 + 1);
        Account acct = soapProv.getAccountByName(acctName);
        threads[i] = new Thread(new GetMembershipClientThread(ldapProv, acct, rights));
    }
    for (Thread thread : threads) {
        thread.start();
    }
    for (Thread thread : threads) {
        thread.join();
    }
    ZimbraLog.test.info("ZZZ testCustomDynamicGroups %s", ZimbraLog.elapsedTime(start, System.currentTimeMillis()));
}
Also used : Account(com.zimbra.cs.account.Account) RightManager(com.zimbra.cs.account.accesscontrol.RightManager) Right(com.zimbra.cs.account.accesscontrol.Right)

Aggregations

Account (com.zimbra.cs.account.Account)4 Right (com.zimbra.cs.account.accesscontrol.Right)4 RightManager (com.zimbra.cs.account.accesscontrol.RightManager)4 Element (com.zimbra.common.soap.Element)2 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)2 ServiceException (com.zimbra.common.service.ServiceException)1 AuthToken (com.zimbra.cs.account.AuthToken)1 AuthTokenException (com.zimbra.cs.account.AuthTokenException)1 Config (com.zimbra.cs.account.Config)1 Provisioning (com.zimbra.cs.account.Provisioning)1 Server (com.zimbra.cs.account.Server)1 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)1 Mailbox (com.zimbra.cs.mailbox.Mailbox)1 Session (com.zimbra.cs.session.Session)1 SoapSession (com.zimbra.cs.session.SoapSession)1 Locale (java.util.Locale)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial