use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class GetDelegatedAdminConstraints method getEntry.
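/**
 * Resolves the directory entry that a request designates through its
 * type / id / name attributes.
 *
 * <p>Only two target types are accepted here: {@code config} (which must not
 * carry an id or a name) and {@code cos} (which must carry an id, a name, or
 * both; when both are given they must designate the same COS). Every other
 * type is rejected with {@code INVALID_REQUEST}.
 *
 * <p>This method only resolves the entry; it contains no right check.
 * NOTE(review): the caller is presumably responsible for authorizing access
 * to the returned entry - confirm at the call site.
 *
 * @param request the request element carrying the type, id and name attributes
 * @return the global config entry or the matching COS
 * @throws ServiceException {@code INVALID_REQUEST} for an unsupported type or an
 *         inconsistent id/name combination, {@code NO_SUCH_COS} when the COS
 *         cannot be found
 */
static Entry getEntry(Element request) throws ServiceException {
    Provisioning prov = Provisioning.getInstance();

    // Single-argument getAttribute: presumably the "required attribute" form - confirm.
    String typeStr = request.getAttribute(AdminConstants.A_TYPE);
    TargetType type = TargetType.fromCode(typeStr);

    if (type == TargetType.config) {
        // The global config is a singleton, so neither an id nor a name may be supplied.
        if (request.getAttribute(AdminConstants.A_ID, null) != null) {
            throw ServiceException.INVALID_REQUEST("cannot specify id for type " + typeStr, null);
        }
        if (request.getAttribute(AdminConstants.A_NAME, null) != null) {
            throw ServiceException.INVALID_REQUEST("cannot specify name for type " + typeStr, null);
        }
        return prov.getConfig();
    }

    if (type == TargetType.cos) {
        String id = request.getAttribute(AdminConstants.A_ID, null);
        String name = request.getAttribute(AdminConstants.A_NAME, null);

        if (id != null) {
            Cos cos = prov.get(Key.CosBy.id, id);
            if (cos == null) {
                throw AccountServiceException.NO_SUCH_COS(id);
            }
            // When both identifiers are supplied they must agree; the id wins the lookup.
            // Note that the caller-supplied id and name are echoed in the fault text.
            if (name != null && !name.equals(cos.getName())) {
                throw ServiceException.INVALID_REQUEST("Specified name " + name + " does not match entry name for the specified id " + id, null);
            }
            return cos;
        }

        if (name != null) {
            // id is necessarily null on this path, so there is no id/name
            // consistency check left to make.
            Cos cos = prov.get(Key.CosBy.name, name);
            if (cos == null) {
                throw AccountServiceException.NO_SUCH_COS(name);
            }
            return cos;
        }

        throw ServiceException.INVALID_REQUEST("neither id or name is specified", null);
    }

    throw ServiceException.INVALID_REQUEST("invalid type " + typeStr, null);
}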
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class GetGrants method handle.
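/**
 * Handles a GetGrants request: returns the grants that match the optional
 * target and/or grantee selectors, after verifying that the authenticated
 * admin holds {@code Admin.R_viewGrants} on every target involved.
 *
 * <p>Authorization happens in two places:
 * <ol>
 *   <li>if a target selector is present, the right is checked on that target
 *       before any grant is fetched;</li>
 *   <li>after the grants are fetched, the right is checked once per distinct
 *       target that appears in the result, before the response is built.</li>
 * </ol>
 * No right check is made on the grantee itself in this method; visibility is
 * enforced per target only.
 *
 * @param request the GetGrants request element
 * @param context the SOAP engine context
 * @return the GetGrants response element
 * @throws ServiceException if a selector is invalid, a target cannot be resolved,
 *         or the right check fails
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    String targetType = null;
    TargetBy targetBy = null;
    String target = null;

    Element eTarget = request.getOptionalElement(AdminConstants.E_TARGET);
    if (eTarget != null) {
        targetType = eTarget.getAttribute(AdminConstants.A_TYPE);

        // Parse the type code once and reuse it for both the identity test and the lookup.
        TargetType requestedType = TargetType.fromCode(targetType);
        if (requestedType.needsTargetIdentity()) {
            targetBy = TargetBy.fromString(eTarget.getAttribute(AdminConstants.A_BY));
            target = eTarget.getText();
        }

        // Check that the authed admin may view grants on the requested target.
        // targetEntry cannot be null here: lookupTarget would have thrown if the
        // specified target did not exist.
        Entry targetEntry = TargetType.lookupTarget(prov, requestedType, targetBy, target);
        checkRight(zsc, targetEntry, Admin.R_viewGrants);
    }

    String granteeType = null;
    GranteeBy granteeBy = null;
    String grantee = null;
    boolean granteeIncludeGroupsGranteeBelongs = true;

    Element eGrantee = request.getOptionalElement(AdminConstants.E_GRANTEE);
    if (eGrantee != null) {
        granteeType = eGrantee.getAttribute(AdminConstants.A_TYPE);
        granteeBy = GranteeBy.fromString(eGrantee.getAttribute(AdminConstants.A_BY));
        grantee = eGrantee.getText();
        // NOTE(review): the single-argument getAttributeBool looks like the
        // required-attribute form, while the initial value above suggests a
        // default of true - confirm which is intended when the attribute is omitted.
        granteeIncludeGroupsGranteeBelongs = eGrantee.getAttributeBool(AdminConstants.A_ALL);
    }

    RightCommand.Grants grants = RightCommand.getGrants(prov, targetType, targetBy, target, granteeType, granteeBy, grantee, granteeIncludeGroupsGranteeBelongs);

    // The result can span targets other than the one named in the request, so the
    // viewGrants right is enforced on each distinct target found in the grants.
    // Nothing is written to the response until every check has passed.
    Set<String> authorizedTargets = new HashSet<String>();
    for (RightCommand.ACE ace : grants.getACEs()) {
        // Targets are de-duplicated by type and id, even though the lookup below is by name.
        String targetKey = ace.targetType() + "-" + ace.targetId();
        if (authorizedTargets.contains(targetKey)) {
            // Already authorized: skip the directory lookup as well as the right check.
            continue;
        }

        TargetType aceTargetType = TargetType.fromCode(ace.targetType());
        // Has to look up the target by name, because a zimlet can only be looked up by name.
        Entry targetEntry = TargetType.lookupTarget(prov, aceTargetType, TargetBy.name, ace.targetName());
        checkRight(zsc, targetEntry, Admin.R_viewGrants);

        // Record the target only after the check has succeeded.
        authorizedTargets.add(targetKey);
    }

    Element resp = zsc.createElement(AdminConstants.GET_GRANTS_RESPONSE);
    grants.toXML(resp);
    return resp;
}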
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class SearchDirectory method encodeAlias.
/**
 * Appends an alias element for {@code a} to {@code e}, carrying the alias
 * name, id, target name, target type (when it can be determined) and the
 * alias attributes.
 *
 * <p>The last argument passed to {@code ToXML.encodeAttrs} is {@code null}:
 * no attribute right checker is applied to alias attributes, so the only
 * filtering visible here is the {@code reqAttrs} set.
 * NOTE(review): presumably a null {@code reqAttrs} means "all attributes" -
 * confirm against ToXML.encodeAttrs.
 *
 * @param e        parent element that receives the new alias element
 * @param prov     provisioning instance used to resolve the alias target
 * @param a        the alias to encode
 * @param reqAttrs attribute names passed through to the attribute encoder
 * @throws ServiceException if resolving the target or encoding fails
 */
private static void encodeAlias(Element e, Provisioning prov, Alias a, Set<String> reqAttrs) throws ServiceException {
    Element aliasElem = e.addElement(AdminConstants.E_ALIAS);
    aliasElem.addAttribute(AdminConstants.A_NAME, a.getUnicodeName());
    aliasElem.addAttribute(AdminConstants.A_ID, a.getId());
    aliasElem.addAttribute(AdminConstants.A_TARGETNAME, a.getTargetUnicodeName(prov));

    // The target type is emitted only when it resolves to a non-null value.
    TargetType aliasTargetType = a.getTargetType(prov);
    if (aliasTargetType != null) {
        aliasElem.addAttribute(AdminConstants.A_TYPE, aliasTargetType.getCode());
    }

    // Don't have/need an AttrRightChecker for an alias, hence the null argument.
    Map unicodeAttrs = a.getUnicodeAttrs();
    ToXML.encodeAttrs(aliasElem, unicodeAttrs, reqAttrs, null);
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method expectedIsPresetRightGrantableOnTargetType.
/**
 * Test oracle: reports whether {@code presetRight} is expected to be grantable
 * on {@code targetType}.
 *
 * <p>The set of acceptable target types is filled in by
 * {@code collectGrantableTargetTypes}, starting from the right's own target type.
 * NOTE(review): that helper is defined outside this snippet; presumably it
 * collects every target type on which such a right may be granted - confirm.
 *
 * @param presetRight the preset right under test
 * @param targetType  the target type on which a grant would be attempted
 * @return {@code true} if {@code targetType} is among the collected types
 * @throws Exception propagated from the collection helper
 */
private boolean expectedIsPresetRightGrantableOnTargetType(PresetRight presetRight, TargetType targetType) throws Exception {
    Set<TargetType> grantableOn = Sets.newHashSet();
    collectGrantableTargetTypes(presetRight.getTargetType(), grantableOn);
    return grantableOn.contains(targetType);
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method isRightInGetAllEffectiveRights.
/**
 * Reports whether {@code right} appears in {@code allEffRights} for the given
 * target, searching in this order: the rights that apply to all entries of the
 * target's type, then the per-domain aggregations (only when the per-type
 * rights are a {@code DomainedRightsByTargetType}), then the per-entry
 * aggregations. The search stops at the first match.
 *
 * <p>The {@code grantee} parameter is not read by this method.
 *
 * @param allEffRights the effective rights to search
 * @param grantee      unused here
 * @param target       the entry whose target type selects the rights to inspect
 * @param right        the right being looked for
 * @param rightType    passed through to the matching helpers
 * @param allAttrs     passed through to the matching helpers
 * @param attrs        passed through to the matching helpers
 * @return {@code true} if the right is found at any of the three levels,
 *         {@code false} otherwise, including when nothing is recorded for the
 *         target's type
 * @throws ServiceException propagated from the lookups and matching helpers
 */
private boolean isRightInGetAllEffectiveRights(AllEffectiveRights allEffRights, Account grantee, Entry target, Right right, RightType rightType, boolean allAttrs, Set<String> attrs) throws ServiceException {
    TargetType targetType = TargetType.getTargetType(target);
    RightsByTargetType rightsForType = allEffRights.rightsByTargetType().get(targetType);
    if (rightsForType == null) {
        // Nothing recorded for this target type at all.
        return false;
    }

    // Level 1: rights that apply to all entries of this target type.
    EffectiveRights onAllEntries = rightsForType.all();
    if (onAllEntries != null && isRightInEffectiveRights(onAllEntries, right, rightType, allAttrs, attrs)) {
        return true;
    }

    // Level 2: rights aggregated by domain, available only for domained target types.
    if (rightsForType instanceof DomainedRightsByTargetType) {
        DomainedRightsByTargetType domained = (DomainedRightsByTargetType) rightsForType;
        for (RightAggregation byDomain : domained.domains()) {
            if (isRightInRightAggregation(byDomain, true, target, right, rightType, allAttrs, attrs)) {
                return true;
            }
        }
    }

    // Level 3: rights aggregated by individual entry.
    for (RightCommand.RightAggregation byEntry : rightsForType.entries()) {
        if (isRightInRightAggregation(byEntry, false, target, right, rightType, allAttrs, attrs)) {
            return true;
        }
    }

    return false;
}