use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method expectedIsAttrRightGrantableOnTargetType.
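/**
 * Computes the expected answer to "is {@code attrRight} grantable on {@code targetType}?"
 * for the ACL tests.
 *
 * <p>The right is expected to be grantable when {@code targetType} appears among the types
 * gathered by {@code collectGrantableTargetTypes} for <em>any</em> of the right's own target
 * types.
 *
 * @param attrRight  attribute right whose target types are examined
 * @param targetType target type the grant would be placed on
 * @return {@code true} if at least one target type of the right yields {@code targetType};
 *         {@code false} otherwise, including when the right has no target types
 * @throws Exception declared for the helper call; nothing is thrown directly here
 */
private boolean expectedIsAttrRightGrantableOnTargetType(AttrRight attrRight, TargetType targetType) throws Exception {
    Set<TargetType> validTypes = Sets.newHashSet();
    // Accumulate over every target type of the right before answering. Returning from inside
    // the loop consulted only the element the set iterator happened to yield first, so this
    // oracle depended on iteration order and could report a grantable type as not grantable,
    // letting the ACL assertion built on it check the wrong expectation.
    for (TargetType rightTarget : attrRight.getTargetTypes()) {
        // presumably adds the grantable types for rightTarget into validTypes; helper is not shown here
        collectGrantableTargetTypes(rightTarget, validTypes);
    }
    return validTypes.contains(targetType);
}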
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method getCreateObjectAttrs.
/**
 * Calls {@code RightCommand.getCreateObjectAttrs} for {@code grantee} against the type and
 * domain of {@code target}, and asserts that the outcome matches the expected one.
 *
 * <p>The lookup is expected to fail when the grantee is not a delegated admin account, or
 * when the target type is {@code config} or {@code global}. In that case the result must be
 * {@code null}; otherwise a non-null result is required.
 *
 * @param grantee account whose create-object attribute rights are queried
 * @param target  entry that supplies the target type and the domain name
 * @return the effective rights returned by the command, or {@code null} on expected failure
 */
private EffectiveRights getCreateObjectAttrs(Account grantee, Entry target) {
    EffectiveRights rights = null;
    // Stays false if an exception is thrown before the expectation is computed, so such an
    // exception is reported as a test failure rather than silently accepted.
    boolean shouldFail = false;

    try {
        String targetDomain = TargetType.getTargetDomainName(prov, target);
        TargetType type = TargetType.getTargetType(target);

        boolean unsupportedType = type == TargetType.config || type == TargetType.global;
        shouldFail = !grantee.isIsDelegatedAdminAccount() || unsupportedType;

        String typeCode = TargetType.getTargetType(target).getCode();
        rights = RightCommand.getCreateObjectAttrs(
                prov, typeCode, Key.DomainBy.name, targetDomain, null, null,
                GranteeBy.name, grantee.getName());
    } catch (ServiceException e) {
        // A ServiceException is acceptable only for the combinations listed above.
        if (!shouldFail) {
            e.printStackTrace();
            fail();
        }
    }

    if (!shouldFail) {
        assertNotNull(rights);
    } else {
        // No rights may come back for a grantee or target type that should be refused.
        assertNull(rights);
    }
    return rights;
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method setupTargetAndVerify.
/**
 * Prepares the entries a grant should and should not apply to, then runs {@code verify} on
 * each of them.
 *
 * <p>For a preset right the single target type of the right is used. For an attribute right,
 * {@code setupTarget} is called once per target type of the right. Any other kind of right
 * fails the test. Entries in the "bad" list are always verified with the grant treated as
 * not valid, so the negative (access denied) path is exercised as well.
 *
 * @param domain              domain passed through to {@code setupTarget}
 * @param grantedOnTarget     entry the grant was placed on
 * @param grantedOnTargetType target type of {@code grantedOnTarget}
 * @param right               right under test
 * @param fromComboRight      passed through to {@code verify}
 * @param allowedAccts        accounts passed to {@code verify} as allowed
 * @param deniedAccts         accounts passed to {@code verify} as denied
 * @param grantWasValid       whether the grant was valid; used for the "good" targets only
 * @throws Exception declared for the helper calls
 */
private void setupTargetAndVerify(Domain domain, Entry grantedOnTarget, TargetType grantedOnTargetType, Right right, boolean fromComboRight, List<Account> allowedAccts, List<Account> deniedAccts, boolean grantWasValid) throws Exception {
    List<Entry> goodTargets = Lists.newArrayList();
    List<Entry> badTargets = Lists.newArrayList();

    if (right.isPresetRight()) {
        // Preset rights (user rights included) carry exactly one target type.
        setupTarget(goodTargets, badTargets, domain, grantedOnTarget, grantedOnTargetType,
                right.getTargetType(), right);
    } else if (right.isAttrRight()) {
        AttrRight attrRight = (AttrRight) right;
        for (TargetType typeOfRight : attrRight.getTargetTypes()) {
            setupTarget(goodTargets, badTargets, domain, grantedOnTarget, grantedOnTargetType,
                    typeOfRight, right);
        }
    } else {
        fail();
    }

    for (Entry entry : goodTargets) {
        verify(entry, canGrantBeInheritedForCreate(grantedOnTarget, entry),
                allowedAccts, deniedAccts, right, fromComboRight, grantWasValid);
    }

    for (Entry entry : badTargets) {
        // The grant must never take effect on these entries, whatever grantWasValid says.
        verify(entry, canGrantBeInheritedForCreate(grantedOnTarget, entry),
                allowedAccts, deniedAccts, right, fromComboRight, false);
    }
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method canGrantBeInheritedForCreate.
/**
 * Tells whether a grant placed on {@code grantedOnTarget} counts as inherited by
 * {@code target}. A grant placed on an entry of the same target type as {@code target}
 * is not considered inherited.
 *
 * <p>Expected inheritance by the type of {@code target}:
 * <ul>
 *   <li>account, calresource, dl, group: from domain or global</li>
 *   <li>cos, domain, server, alwaysoncluster, ucservice, xmppcomponent, zimlet, config:
 *       from global only</li>
 *   <li>global: from nothing</li>
 * </ul>
 * Any other target type fails the test.
 *
 * @param grantedOnTarget entry the grant was placed on
 * @param target          entry being checked
 * @return {@code true} if the type of {@code grantedOnTarget} is one {@code target} inherits from
 * @throws Exception declared for the {@code TargetType} lookups
 */
private boolean canGrantBeInheritedForCreate(Entry grantedOnTarget, Entry target) throws Exception {
    TargetType targetType = TargetType.getTargetType(target);
    TargetType grantedOnTargetType = TargetType.getTargetType(grantedOnTarget);

    switch (targetType) {
        case account:
        case calresource:
        case dl:
        case group:
            // Domain-scoped entries: a grant on the domain or on global applies to them.
            return grantedOnTargetType == TargetType.domain
                    || grantedOnTargetType == TargetType.global;
        case cos:
        case domain:
        case server:
        case alwaysoncluster:
        case ucservice:
        case xmppcomponent:
        case zimlet:
        case config:
            return grantedOnTargetType == TargetType.global;
        case global:
            // Nothing sits above global, so nothing can be inherited.
            return false;
        default:
            // A target type without an explicit expectation must fail the test rather than
            // default to "not inherited".
            fail();
            return false;
    }
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLEffectiveRights method getAllEffectiveRights.
/**
 * Grants a preset account right to a delegated admin on a single account and checks that
 * {@code RightCommand.getAllEffectiveRights} reports that right for that account.
 *
 * <p>The grant is issued by {@code globalAdmin}. The test passes only if some aggregation
 * listed under the target's type names the target account and lists the granted right among
 * its preset rights.
 */
@Test
public void getAllEffectiveRights() throws Exception {
    Domain testDomain = provUtil.createDomain(genDomainSegmentName() + "." + BASE_DOMAIN_NAME);
    Account targetAcct = provUtil.createAccount(genAcctNameLocalPart("user"), testDomain);
    Account delegatedAdmin = provUtil.createDelegatedAdmin(genAcctNameLocalPart("da"), testDomain);

    TargetType typeOfTarget = TargetType.getTargetType(targetAcct);
    GranteeType typeOfGrantee = GranteeType.GT_USER;
    Right grantedRight = ADMIN_PRESET_ACCOUNT;

    RightCommand.grantRight(
            prov, globalAdmin,
            typeOfTarget.getCode(), TargetBy.name, targetAcct.getName(),
            typeOfGrantee.getCode(), GranteeBy.name, delegatedAdmin.getName(), null,
            grantedRight.getName(), null);

    AllEffectiveRights everything = RightCommand.getAllEffectiveRights(
            prov, typeOfGrantee.getCode(), GranteeBy.name, delegatedAdmin.getName(), false, false);

    Map<TargetType, RightsByTargetType> byType = everything.rightsByTargetType();
    RightsByTargetType forTargetType = byType.get(typeOfTarget);

    boolean rightReported = false;
    for (RightCommand.RightAggregation aggregation : forTargetType.entries()) {
        Set<String> coveredNames = aggregation.entries();
        if (!coveredNames.contains(targetAcct.getName())) {
            // This aggregation does not cover our target account.
            continue;
        }
        // The aggregation covers the target; check that it carries the granted right.
        List<String> presets = aggregation.effectiveRights().presetRights();
        if (presets.contains(grantedRight.getName())) {
            rightReported = true;
        }
    }
    assertTrue(rightReported);
}