
Example 6 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class GetDelegatedAdminConstraints method getEntry.

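/**
 * Resolves the directory entry named by the request's type, id and name attributes.
 *
 * <p>Only the {@code config} and {@code cos} target types are accepted. For {@code config}
 * neither id nor name may be given. For {@code cos} at least one of them is required, and
 * when both are given the name must match the COS found by id.
 *
 * <p>NOTE(review): this method only resolves the entry; no right check is visible here, so
 * the caller presumably authorizes access to the returned entry. Verify against the caller.
 *
 * @param request element carrying the type attribute and the optional id and name attributes
 * @return the global config entry or the matching COS
 * @throws ServiceException {@code INVALID_REQUEST} for an unsupported type or an inconsistent
 *     id/name combination, {@code NO_SUCH_COS} when the COS cannot be found
 */
static Entry getEntry(Element request) throws ServiceException {
    Provisioning prov = Provisioning.getInstance();
    String typeStr = request.getAttribute(AdminConstants.A_TYPE);
    TargetType type = TargetType.fromCode(typeStr);

    // NOTE(review): the fault messages below echo request-supplied values (type, id, name);
    // confirm the fault is encoded safely wherever it is rendered or logged.
    if (type == TargetType.config) {
        // The global config is a singleton, so an id or name makes no sense here.
        if (request.getAttribute(AdminConstants.A_ID, null) != null) {
            throw ServiceException.INVALID_REQUEST("cannot specify id for type " + typeStr, null);
        }
        if (request.getAttribute(AdminConstants.A_NAME, null) != null) {
            throw ServiceException.INVALID_REQUEST("cannot specify name for type " + typeStr, null);
        }
        return prov.getConfig();
    }

    if (type != TargetType.cos) {
        throw ServiceException.INVALID_REQUEST("invalid type " + typeStr, null);
    }

    String id = request.getAttribute(AdminConstants.A_ID, null);
    String name = request.getAttribute(AdminConstants.A_NAME, null);

    if (id != null) {
        Cos cos = prov.get(Key.CosBy.id, id);
        if (cos == null) {
            throw AccountServiceException.NO_SUCH_COS(id);
        }
        // When both selectors are supplied they must agree; the id lookup decides the entry.
        if (name != null && !name.equals(cos.getName())) {
            throw ServiceException.INVALID_REQUEST("Specified name " + name + " does not match entry name for the specified id " + id, null);
        }
        return cos;
    }

    if (name != null) {
        // id is known to be null on this path, so there is no id to cross-check against
        // (the original carried an unreachable id comparison here).
        Cos cos = prov.get(Key.CosBy.name, name);
        if (cos == null) {
            throw AccountServiceException.NO_SUCH_COS(name);
        }
        return cos;
    }

    throw ServiceException.INVALID_REQUEST("neither id or name is specified", null);
}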
Also used : Cos(com.zimbra.cs.account.Cos) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) Provisioning(com.zimbra.cs.account.Provisioning)

Example 7 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class GetGrants method handle.

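/**
 * Handles a GetGrants request: returns the grants matching the optional target and grantee
 * selectors, after checking the {@code viewGrants} right on every target involved.
 *
 * <p>Two checks are made. If a target is specified, the right is checked on that target
 * before any grants are fetched. After the grants are fetched, the right is checked on the
 * target of each returned ACE, once per distinct target. The response is built from the
 * whole grants object, so this relies on {@code checkRight} aborting the request rather than
 * returning normally on a denial (presumably by throwing; confirm against its definition).
 *
 * @param request the GetGrants request element
 * @param context the SOAP request context
 * @return the GetGrants response element
 * @throws ServiceException if a selector is invalid, a target cannot be looked up, or a
 *     right check fails
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    String targetType = null;
    TargetBy targetBy = null;
    String target = null;
    Element eTarget = request.getOptionalElement(AdminConstants.E_TARGET);
    if (eTarget != null) {
        targetType = eTarget.getAttribute(AdminConstants.A_TYPE);
        // Parse the type code once and reuse it for the identity test and the lookup.
        TargetType requestedType = TargetType.fromCode(targetType);
        if (requestedType.needsTargetIdentity()) {
            targetBy = TargetBy.fromString(eTarget.getAttribute(AdminConstants.A_BY));
            target = eTarget.getText();
        }
        // check if the authed admin has right to view grants on the desired target
        Entry targetEntry = TargetType.lookupTarget(prov, requestedType, targetBy, target);
        // targetEntry cannot be null by now, because lookupTarget would have thrown
        // if the specified target does not exist
        checkRight(zsc, targetEntry, Admin.R_viewGrants);
    }

    String granteeType = null;
    GranteeBy granteeBy = null;
    String grantee = null;
    boolean granteeIncludeGroupsGranteeBelongs = true;
    Element eGrantee = request.getOptionalElement(AdminConstants.E_GRANTEE);
    if (eGrantee != null) {
        granteeType = eGrantee.getAttribute(AdminConstants.A_TYPE);
        granteeBy = GranteeBy.fromString(eGrantee.getAttribute(AdminConstants.A_BY));
        grantee = eGrantee.getText();
        granteeIncludeGroupsGranteeBelongs = eGrantee.getAttributeBool(AdminConstants.A_ALL);
    }

    RightCommand.Grants grants = RightCommand.getGrants(prov, targetType, targetBy, target, granteeType, granteeBy, grantee, granteeIncludeGroupsGranteeBelongs);

    // check if the authed admin can see the zimbraACE attr on
    // each of the target on which grants for the specified grantee are found
    Set<String> checkedTargets = new HashSet<String>();
    for (RightCommand.ACE ace : grants.getACEs()) {
        String targetKey = ace.targetType() + "-" + ace.targetId();
        if (checkedTargets.contains(targetKey)) {
            // Already authorized; skip the directory lookup as well as the right check.
            continue;
        }
        TargetType aceTargetType = TargetType.fromCode(ace.targetType());
        // has to look up target by name, because zimlet can only be looked up by name
        // NOTE(review): the dedup key uses the target id while the lookup uses the name;
        // this assumes an ACE's id and name always identify the same entry.
        Entry aceTarget = TargetType.lookupTarget(prov, aceTargetType, TargetBy.name, ace.targetName());
        checkRight(zsc, aceTarget, Admin.R_viewGrants);
        // Record the target only after the check has passed, so it is not checked again.
        checkedTargets.add(targetKey);
    }

    Element resp = zsc.createElement(AdminConstants.GET_GRANTS_RESPONSE);
    grants.toXML(resp);
    return resp;
}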
Also used : Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) Provisioning(com.zimbra.cs.account.Provisioning) Entry(com.zimbra.cs.account.Entry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) HashSet(java.util.HashSet)

Example 8 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class SearchDirectory method encodeAlias.

/**
 * Appends an alias element describing {@code a} to {@code e}.
 *
 * <p>The element carries the alias name, id, target name and, when the target type can be
 * determined, the target type code, followed by the alias attributes.
 *
 * @param e parent element that receives the new alias element
 * @param prov provisioning instance used to resolve the alias target
 * @param a alias to encode
 * @param reqAttrs attribute names passed through to {@code ToXML.encodeAttrs}
 * @throws ServiceException if resolving the target or encoding fails
 */
private static void encodeAlias(Element e, Provisioning prov, Alias a, Set<String> reqAttrs) throws ServiceException {
    Element aliasElement = e.addElement(AdminConstants.E_ALIAS);
    aliasElement.addAttribute(AdminConstants.A_NAME, a.getUnicodeName());
    aliasElement.addAttribute(AdminConstants.A_ID, a.getId());
    aliasElement.addAttribute(AdminConstants.A_TARGETNAME, a.getTargetUnicodeName(prov));

    // The type attribute is omitted when the target type is unknown.
    TargetType aliasTargetType = a.getTargetType(prov);
    if (aliasTargetType != null) {
        aliasElement.addAttribute(AdminConstants.A_TYPE, aliasTargetType.getCode());
    }

    // don't have/need an AttrRightChecker for alias: null is passed, so no per-attribute
    // right filtering is applied at this point.
    // NOTE(review): presumably the caller has already authorized this alias; confirm.
    ToXML.encodeAttrs(aliasElement, a.getUnicodeAttrs(), reqAttrs, null);
}
Also used : Element(com.zimbra.common.soap.Element) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) Map(java.util.Map)

Example 9 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLAll method expectedIsPresetRightGrantableOnTargetType.

/**
 * Computes the expected answer to "can this preset right be granted on this target type?".
 *
 * <p>Collects the target types reported by {@code collectGrantableTargetTypes} for the
 * right's own target type, then tests membership.
 *
 * @param presetRight the preset right under test
 * @param targetType the target type the right would be granted on
 * @return {@code true} if {@code targetType} is among the collected types
 * @throws Exception if collecting the grantable target types fails
 */
private boolean expectedIsPresetRightGrantableOnTargetType(PresetRight presetRight, TargetType targetType) throws Exception {
    Set<TargetType> grantableTypes = Sets.newHashSet();
    // The helper fills the set in place, starting from the right's declared target type.
    collectGrantableTargetTypes(presetRight.getTargetType(), grantableTypes);
    boolean grantable = grantableTypes.contains(targetType);
    return grantable;
}
Also used : TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)

Example 10 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLAll method isRightInGetAllEffectiveRights.

/**
 * Tells whether {@code right} appears in {@code allEffRights} for the given target.
 *
 * <p>The rights recorded for the target's type are searched in three places, in order: the
 * rights that apply to all entries of that type, the per-domain aggregations (only when the
 * rights object is a {@code DomainedRightsByTargetType}), and the per-entry aggregations.
 * The first match wins.
 *
 * @param allEffRights all effective rights to search
 * @param grantee not read by this method
 * @param target entry whose target type selects the rights to search
 * @param right right to look for
 * @param rightType passed through to the matching helpers
 * @param allAttrs passed through to the matching helpers
 * @param attrs passed through to the matching helpers
 * @return {@code true} if the right is found in any of the three places
 * @throws ServiceException if a lookup fails
 */
private boolean isRightInGetAllEffectiveRights(AllEffectiveRights allEffRights, Account grantee, Entry target, Right right, RightType rightType, boolean allAttrs, Set<String> attrs) throws ServiceException {
    TargetType typeOfTarget = TargetType.getTargetType(target);
    Map<TargetType, RightsByTargetType> rightsPerType = allEffRights.rightsByTargetType();
    RightsByTargetType rightsForType = rightsPerType.get(typeOfTarget);
    if (rightsForType == null) {
        // Nothing recorded for this target type.
        return false;
    }

    // Rights that apply to all entries of the type.
    EffectiveRights rightsOnAll = rightsForType.all();
    if (rightsOnAll != null && isRightInEffectiveRights(rightsOnAll, right, rightType, allAttrs, attrs)) {
        return true;
    }

    // Rights scoped to domains, present only on the domained variant.
    if (rightsForType instanceof DomainedRightsByTargetType) {
        DomainedRightsByTargetType domained = (DomainedRightsByTargetType) rightsForType;
        for (RightAggregation perDomain : domained.domains()) {
            if (isRightInRightAggregation(perDomain, true, target, right, rightType, allAttrs, attrs)) {
                return true;
            }
        }
    }

    // Rights scoped to individual entries.
    for (RightCommand.RightAggregation perEntry : rightsForType.entries()) {
        if (isRightInRightAggregation(perEntry, false, target, right, rightType, allAttrs, attrs)) {
            return true;
        }
    }

    return false;
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) RightAggregation(com.zimbra.cs.account.accesscontrol.RightCommand.RightAggregation) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType) RightAggregation(com.zimbra.cs.account.accesscontrol.RightCommand.RightAggregation) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Aggregations

TargetType (com.zimbra.cs.account.accesscontrol.TargetType)23 RightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)13 DomainedRightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)11 Right (com.zimbra.cs.account.accesscontrol.Right)7 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)7 Element (com.zimbra.common.soap.Element)6 Account (com.zimbra.cs.account.Account)4 Entry (com.zimbra.cs.account.Entry)4 NamedEntry (com.zimbra.cs.account.NamedEntry)4 Provisioning (com.zimbra.cs.account.Provisioning)4 AttrRight (com.zimbra.cs.account.accesscontrol.AttrRight)4 CheckRight (com.zimbra.cs.account.accesscontrol.CheckRight)4 ComboRight (com.zimbra.cs.account.accesscontrol.ComboRight)4 PresetRight (com.zimbra.cs.account.accesscontrol.PresetRight)4 RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)4 AllEffectiveRights (com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights)4 EffectiveRights (com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights)4 Map (java.util.Map)4 AccessManager (com.zimbra.cs.account.AccessManager)3 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)3