Search in sources :

Example 11 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLAll method expectedIsAttrRightGrantableOnTargetType.

private boolean expectedIsAttrRightGrantableOnTargetType(AttrRight attrRight, TargetType targetType) throws Exception {
    Set<TargetType> rightTargets = attrRight.getTargetTypes();
    // return true if *any* of the applicable target types for the right
    // can inherit from targetType
    Set<TargetType> validTypes = Sets.newHashSet();
    for (TargetType rightTarget : rightTargets) {
        collectGrantableTargetTypes(rightTarget, validTypes);
        return validTypes.contains(targetType);
    }
    return false;
}
Also used : TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)

Example 12 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLAll method getCreateObjectAttrs.

private EffectiveRights getCreateObjectAttrs(Account grantee, Entry target) {
    EffectiveRights effRights = null;
    boolean expectFailure = false;
    try {
        String domainName = TargetType.getTargetDomainName(prov, target);
        TargetType targetType = TargetType.getTargetType(target);
        expectFailure = !grantee.isIsDelegatedAdminAccount() || targetType == TargetType.config || targetType == TargetType.global;
        effRights = RightCommand.getCreateObjectAttrs(prov, TargetType.getTargetType(target).getCode(), Key.DomainBy.name, domainName, null, null, GranteeBy.name, grantee.getName());
    } catch (ServiceException e) {
        if (!expectFailure) {
            e.printStackTrace();
            fail();
        }
    }
    if (expectFailure) {
        assertNull(effRights);
    } else {
        assertNotNull(effRights);
    }
    return effRights;
}
Also used : AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) ServiceException(com.zimbra.common.service.ServiceException) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)

Example 13 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLAll method setupTargetAndVerify.

private void setupTargetAndVerify(Domain domain, Entry grantedOnTarget, TargetType grantedOnTargetType, Right right, boolean fromComboRight, List<Account> allowedAccts, List<Account> deniedAccts, boolean grantWasValid) throws Exception {
    // System.out.println("Right: " + right.getName());
    List<Entry> goodTargets = Lists.newArrayList();
    List<Entry> badTargets = Lists.newArrayList();
    if (right.isPresetRight()) {
        // including user right
        TargetType targetTypeOfRight = right.getTargetType();
        setupTarget(goodTargets, badTargets, domain, grantedOnTarget, grantedOnTargetType, targetTypeOfRight, right);
    } else if (right.isAttrRight()) {
        for (TargetType targetTypeOfRight : ((AttrRight) right).getTargetTypes()) {
            setupTarget(goodTargets, badTargets, domain, grantedOnTarget, grantedOnTargetType, targetTypeOfRight, right);
        }
    } else {
        fail();
    }
    //
    for (Entry goodTarget : goodTargets) {
        boolean canGrantBeInheritedForCreate = canGrantBeInheritedForCreate(grantedOnTarget, goodTarget);
        verify(goodTarget, canGrantBeInheritedForCreate, allowedAccts, deniedAccts, right, fromComboRight, grantWasValid);
    }
    for (Entry badTarget : badTargets) {
        boolean canGrantBeInheritedForCreate = canGrantBeInheritedForCreate(grantedOnTarget, badTarget);
        verify(badTarget, canGrantBeInheritedForCreate, allowedAccts, deniedAccts, right, fromComboRight, false);
    }
}
Also used : NamedEntry(com.zimbra.cs.account.NamedEntry) Entry(com.zimbra.cs.account.Entry) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)

Example 14 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLAll method canGrantBeInheritedForCreate.

/*
     * returns if the grant is inherited,
     * if the grant is granted on the target entry itself, it is not considered inherited.
     */
private boolean canGrantBeInheritedForCreate(Entry grantedOnTarget, Entry target) throws Exception {
    TargetType targetType = TargetType.getTargetType(target);
    TargetType grantedOnTargetType = TargetType.getTargetType(grantedOnTarget);
    Set<TargetType> inheritableTypes = Sets.newHashSet();
    switch(targetType) {
        case account:
            inheritableTypes.add(TargetType.domain);
            inheritableTypes.add(TargetType.global);
            break;
        case calresource:
            inheritableTypes.add(TargetType.domain);
            inheritableTypes.add(TargetType.global);
            break;
        case cos:
            inheritableTypes.add(TargetType.global);
            break;
        case dl:
            inheritableTypes.add(TargetType.domain);
            inheritableTypes.add(TargetType.global);
            break;
        case group:
            inheritableTypes.add(TargetType.domain);
            inheritableTypes.add(TargetType.global);
            break;
        case domain:
            inheritableTypes.add(TargetType.global);
            break;
        case server:
            inheritableTypes.add(TargetType.global);
            break;
        case alwaysoncluster:
            inheritableTypes.add(TargetType.global);
            break;
        case ucservice:
            inheritableTypes.add(TargetType.global);
            break;
        case xmppcomponent:
            inheritableTypes.add(TargetType.global);
            break;
        case zimlet:
            inheritableTypes.add(TargetType.global);
            break;
        case config:
            inheritableTypes.add(TargetType.global);
            break;
        case global:
            break;
        default:
            fail();
    }
    return inheritableTypes.contains(grantedOnTargetType);
}
Also used : TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) DomainedRightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)

Example 15 with TargetType

use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.

the class TestACLEffectiveRights method getAllEffectiveRights.

@Test
public void getAllEffectiveRights() throws Exception {
    Domain domain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
    Account target = provUtil.createAccount(genAcctNameLocalPart("user"), domain);
    Account grantee = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), domain);
    Account grantingAccount = globalAdmin;
    TargetType targetType = TargetType.getTargetType(target);
    GranteeType granteeType = GranteeType.GT_USER;
    Right right = ADMIN_PRESET_ACCOUNT;
    RightCommand.grantRight(prov, grantingAccount, targetType.getCode(), TargetBy.name, target.getName(), granteeType.getCode(), GranteeBy.name, grantee.getName(), null, right.getName(), null);
    AllEffectiveRights allEffRights = RightCommand.getAllEffectiveRights(prov, granteeType.getCode(), GranteeBy.name, grantee.getName(), false, false);
    Map<TargetType, RightsByTargetType> rbttMap = allEffRights.rightsByTargetType();
    RightsByTargetType rbtt = rbttMap.get(targetType);
    boolean found = false;
    for (RightCommand.RightAggregation rightsByEntries : rbtt.entries()) {
        Set<String> targetNames = rightsByEntries.entries();
        if (targetNames.contains(target.getName())) {
            // this RightAggregation contains our target
            // see if it contains out right
            EffectiveRights effRights = rightsByEntries.effectiveRights();
            List<String> presetRights = effRights.presetRights();
            if (presetRights.contains(right.getName())) {
                found = true;
            }
        }
    }
    assertTrue(found);
}
Also used : Account(com.zimbra.cs.account.Account) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) EffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights) AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) AllEffectiveRights(com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights) InlineAttrRight(com.zimbra.cs.account.accesscontrol.InlineAttrRight) Right(com.zimbra.cs.account.accesscontrol.Right) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) RightsByTargetType(com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) Domain(com.zimbra.cs.account.Domain) Test(org.junit.Test)

Aggregations

TargetType (com.zimbra.cs.account.accesscontrol.TargetType)23 RightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.RightsByTargetType)13 DomainedRightsByTargetType (com.zimbra.cs.account.accesscontrol.RightCommand.DomainedRightsByTargetType)11 Right (com.zimbra.cs.account.accesscontrol.Right)7 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)7 Element (com.zimbra.common.soap.Element)6 Account (com.zimbra.cs.account.Account)4 Entry (com.zimbra.cs.account.Entry)4 NamedEntry (com.zimbra.cs.account.NamedEntry)4 Provisioning (com.zimbra.cs.account.Provisioning)4 AttrRight (com.zimbra.cs.account.accesscontrol.AttrRight)4 CheckRight (com.zimbra.cs.account.accesscontrol.CheckRight)4 ComboRight (com.zimbra.cs.account.accesscontrol.ComboRight)4 PresetRight (com.zimbra.cs.account.accesscontrol.PresetRight)4 RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)4 AllEffectiveRights (com.zimbra.cs.account.accesscontrol.RightCommand.AllEffectiveRights)4 EffectiveRights (com.zimbra.cs.account.accesscontrol.RightCommand.EffectiveRights)4 Map (java.util.Map)4 AccessManager (com.zimbra.cs.account.AccessManager)3 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)3