use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method testGrantee.
/*
* test a particular grantee type and a range of rights for all target types
*/
private void testGrantee() throws Exception {
    // LONG_TEST is passed as the skip reason; presumably this bypasses the sweep when the suite
    // runs against a real LDAP server (SKIP_FOR_REAL_LDAP_SERVER is defined elsewhere).
    SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);

    /*
     * Grantee type exercised by this run. The original listing names the alternatives
     * for manual switching:
     *   TestGranteeType.GRANTEE_DYNAMIC_GROUP, GT_USER, GT_GROUP, GT_EXT_GROUP,
     *   GT_AUTHUSER, GT_DOMAIN, GT_GUEST, GT_KEY, GT_PUBLIC
     */
    final TestGranteeType granteeType = TestGranteeType.GRANTEE_DYNAMIC_GROUP;

    // Inclusive bounds of a right range. They are computed but never consulted below:
    // the loops always walk every entry of `rights`. A narrower start,
    // sRights.indexOf(ADMIN_COMBO_ACCOUNT), was left commented out in the original.
    int beginRight = 0;
    int endRight = rights.size() - 1;

    final TargetType[] allTargetTypes = TargetType.values();
    final int totalTests = allTargetTypes.length * rights.size();

    // One doTest call per (target type, right) pair, labelled "n/total" starting at 1.
    int testNumber = 0;
    for (TargetType targetType : allTargetTypes) {
        for (Right right : rights) {
            testNumber++;
            doTest(testNumber + "/" + totalTests, targetType, granteeType, right, false);
        }
    }
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method testRight.
/*
* test a particular right for all target types and grantee types
*/
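private void testRight() throws Exception {
    // LONG_TEST is passed as the skip reason; presumably this bypasses the sweep when the suite
    // runs against a real LDAP server (SKIP_FOR_REAL_LDAP_SERVER is defined elsewhere).
    SKIP_FOR_REAL_LDAP_SERVER(SkipTestReason.LONG_TEST);

    // The single right exercised against every (target type, grantee type) pair.
    final Right right = ACLTestUtil.ADMIN_COMBO_ACCOUNT;

    final TargetType[] targetTypes = TargetType.values();

    // doTest runs once per (target type, grantee type) pair for one right, so the denominator
    // of the "n/total" label is the product of those two sizes only. Multiplying by
    // rights.size() as well overstated the total and the counter could never reach it.
    final int totalTests = targetTypes.length * TestGranteeType.TEST_GRANTEE_TYPES.size();

    int curTest = 1;
    for (TargetType targetType : targetTypes) {
        for (TestGranteeType granteeType : TestGranteeType.TEST_GRANTEE_TYPES) {
            // Grantee types listed in EXCLUDE_GRANTEE_TYPES are passed with skip=true.
            // NOTE(review): doTest is not visible here; if skip means "do not evaluate",
            // access-control behaviour for those grantee types is not covered by this sweep.
            boolean skip = EXCLUDE_GRANTEE_TYPES.contains(granteeType.getCode());
            doTest((curTest++) + "/" + totalTests, targetType, granteeType, right, skip);
        }
    }
}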
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class TestACLAll method expectedIsUserRightGrantableOnTargetType.
/**
 * Test oracle: decides whether {@code userRight} is expected to be grantable on
 * {@code targetType}.
 *
 * <p>The answer depends on the right's own target type and on its optional grant-target type.
 * When no grant-target type is set, the right is expected to be grantable on the right's
 * target type and on the wider containers listed in each branch (group/dl, domain, global).
 * When a grant-target type is set, only that type is accepted, with calresource treated
 * alongside account and group alongside dl.
 *
 * <p>User rights whose target type is anything other than account, dl or domain are not
 * expected here and end in {@code fail()}.
 *
 * @param userRight  the user right being checked
 * @param targetType the target type the grant would be placed on
 * @return {@code true} if the grant is expected to be allowed
 */
private boolean expectedIsUserRightGrantableOnTargetType(UserRight userRight, TargetType targetType) throws Exception {
    final TargetType rightTarget = userRight.getTargetType();
    final TargetType grantTarget = userRight.getGrantTargetType();

    // Target-type groupings shared by the branches below.
    final boolean onAccountLike = targetType == TargetType.account || targetType == TargetType.calresource;
    final boolean onGroupLike = targetType == TargetType.dl || targetType == TargetType.group;
    final boolean onDomain = targetType == TargetType.domain;
    final boolean onGlobal = targetType == TargetType.global;

    switch (rightTarget) {
        case account:
            if (grantTarget == null) {
                return onAccountLike || onGroupLike || onDomain || onGlobal;
            }
            switch (grantTarget) {
                case account:
                    return onAccountLike;
                case dl:
                    return onGroupLike;
                case domain:
                    return onDomain;
                case global:
                    return onGlobal;
                default:
                    return false;
            }
        // The next two labels have no break after fail(); they rely on fail() throwing
        // (presumably the JUnit assertion helper) so that control never falls through.
        case calresource:
            fail();
        case cos:
            fail();
        case dl:
            if (grantTarget == null) {
                return onGroupLike || onDomain || onGlobal;
            }
            switch (grantTarget) {
                case dl:
                    return onGroupLike;
                case domain:
                    return onDomain;
                case global:
                    return onGlobal;
                default:
                    return false;
            }
        case domain:
            if (grantTarget == null) {
                return onDomain || onGlobal;
            }
            // For a domain right, global is the only grant-target type that is accepted.
            if (grantTarget == TargetType.global) {
                return onGlobal;
            }
            return false;
        case group:
        case server:
        case alwaysoncluster:
        case ucservice:
        case xmppcomponent:
        case zimlet:
        case config:
        case global:
        default:
            fail();
    }
    // Reached only if fail() returns normally.
    return false;
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class CheckRights method handle.
/**
 * Answers a CheckRights request: for each requested target, reports whether the
 * authenticated caller holds each of the listed user rights on it.
 *
 * <p>The request is processed in two passes. The first pass resolves every target element
 * (type, lookup method, key) to an entry and collects its requested rights; a target that
 * lists no right is rejected with INVALID_REQUEST. The second pass evaluates each right
 * through {@code AccessManager.canDo} using the auth token of the SOAP context and writes
 * one result per right, plus a combined result per target that is true only when every
 * right was allowed.
 *
 * <p>Security-relevant points visible in this method:
 * <ul>
 *   <li>Right names from the request are resolved with {@code getUserRight}, so only user
 *       rights are looked up here, not admin rights.</li>
 *   <li>For a delegated-send right on a target addressed by name, an allowed result from
 *       {@code canDo} is narrowed further: the key must also be an allowed send address
 *       of the target.</li>
 *   <li>The request-supplied key is echoed into the response and into the
 *       INVALID_REQUEST message.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code findEntry} is not visible here. Confirm that its behaviour for
 * missing or inaccessible targets does not let a caller distinguish existing entries from
 * non-existing ones beyond what the caller is entitled to know.
 *
 * @param request the CheckRights request element
 * @param context the SOAP handler context
 * @return the CheckRights response element
 * @throws ServiceException if a target lists no right, or if any lookup used here fails
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    final ZimbraSoapContext zsc = getZimbraSoapContext(context);
    final Provisioning prov = Provisioning.getInstance();

    // Pass 1: parse and resolve every requested target before any right is evaluated.
    final List<RequestedTarget> parsedTargets = Lists.newArrayList();
    for (Element targetElem : request.listElements(AccountConstants.E_TARGET)) {
        final String typeCode = targetElem.getAttribute(AccountConstants.A_TYPE);
        final TargetType targetType = TargetType.fromCode(typeCode);
        final String byValue = targetElem.getAttribute(AccountConstants.A_BY);
        final TargetBy targetBy = TargetBy.fromString(byValue);
        final String key = targetElem.getAttribute(AccountConstants.A_KEY);

        final Entry resolved = findEntry(prov, targetType, targetBy, key);
        final RequestedTarget requested = new RequestedTarget(resolved, targetType, targetBy, key);
        parsedTargets.add(requested);

        for (Element rightElem : targetElem.listElements(AccountConstants.E_RIGHT)) {
            // can only be a user right, not an admin right
            final String rightName = rightElem.getText();
            requested.addRight(RightManager.getInstance().getUserRight(rightName));
        }

        if (requested.getRights().size() == 0) {
            throw ServiceException.INVALID_REQUEST("missing right for target: " + key, null);
        }
    }

    // Pass 2: evaluate each right for the caller and build the response.
    final Element response = zsc.createElement(AccountConstants.CHECK_RIGHTS_RESPONSE);
    final AccessManager accessMgr = AccessManager.getInstance();
    for (RequestedTarget requested : parsedTargets) {
        final Entry entry = requested.getTargetEntry();

        final Element targetOut = response.addElement(AccountConstants.E_TARGET);
        targetOut.addAttribute(AccountConstants.A_TYPE, requested.getTargetType().getCode());
        targetOut.addAttribute(AccountConstants.A_BY, requested.getTargetBy().name());
        targetOut.addAttribute(AccountConstants.A_KEY, requested.getTargetKey());

        boolean allGranted = true;
        for (UserRight right : requested.getRights()) {
            // NOTE(review): the meaning of the trailing `false` argument is not visible here;
            // confirm it selects the intended (non-admin) evaluation path.
            boolean granted = accessMgr.canDo(zsc.getAuthToken(), entry, right, false);

            // A delegated-send right on a target addressed by name is only reported as allowed
            // when the requested key is itself an allowed send address of that target.
            final boolean narrowToAddress = granted
                    && DiscoverRights.isDelegatedSendRight(right)
                    && TargetBy.name == requested.getTargetBy();
            if (narrowToAddress) {
                granted = AccountUtil.isAllowedSendAddress((NamedEntry) entry, requested.getTargetKey());
            }

            final Element rightOut = targetOut.addElement(AccountConstants.E_RIGHT);
            rightOut.addAttribute(AccountConstants.A_ALLOW, granted).setText(right.getName());

            // Non-short-circuit AND: the combined flag stays true only if every right is allowed.
            allGranted &= granted;
        }
        targetOut.addAttribute(AccountConstants.A_ALLOW, allGranted);
    }
    return response;
}
use of com.zimbra.cs.account.accesscontrol.TargetType in project zm-mailbox by Zimbra.
the class DiscoverRights method discoverRights.
/**
 * Writes the user rights discovered for {@code account} as child elements of
 * {@code eParent}.
 *
 * <p>For every right returned by {@code AccessManager.discoverUserRights}, one targets
 * element is added carrying the right name, followed by one target element per discovered
 * entry, ordered by display name in the account's locale. What is written per target
 * depends on the right:
 * <ul>
 *   <li>Delegated-send rights: the target must be an account or a group; its allowed send
 *       addresses are listed as email elements and its display name is added. Any other
 *       target kind is treated as an internal error.</li>
 *   <li>Other rights: a named entry gets its id and name (plus display name for accounts
 *       and groups); any other entry gets only its label as the name.</li>
 * </ul>
 *
 * <p>The output therefore discloses ids, names, display names and send addresses of other
 * entries. The set of entries is whatever {@code discoverUserRights} returns for
 * {@code account}; this method applies no further filtering.
 * NOTE(review): callers are not visible here. Confirm that {@code account} is always the
 * authenticated account (or one the caller may act for).
 *
 * @param account  the account whose rights are discovered; also supplies the sort locale
 * @param rights   the rights to discover
 * @param eParent  the element that receives the result elements
 * @param onMaster passed through to {@code discoverUserRights}
 * @throws ServiceException if discovery fails or a delegated-send target is neither an
 *                          account nor a group
 */
public static void discoverRights(Account account, Set<Right> rights, Element eParent, boolean onMaster) throws ServiceException {
    final AccessManager accessMgr = AccessManager.getInstance();
    final Map<Right, Set<Entry>> targetsByRight = accessMgr.discoverUserRights(account, rights, onMaster);
    final Locale locale = account.getLocale();

    for (Map.Entry<Right, Set<Entry>> discovered : targetsByRight.entrySet()) {
        final Right right = discovered.getKey();
        final List<Entry> orderedTargets = Entry.sortByDisplayName(discovered.getValue(), locale);
        final boolean delegatedSend = isDelegatedSendRight(right);

        final Element eTargets = eParent.addElement(AccountConstants.E_TARGETS);
        eTargets.addAttribute(AccountConstants.A_RIGHT, right.getName());

        for (Entry target : orderedTargets) {
            final TargetType targetType = TargetType.getTargetType(target);
            final Element eTarget = eTargets.addElement(AccountConstants.E_TARGET);
            eTarget.addAttribute(AccountConstants.A_TYPE, targetType.getCode());

            final boolean isAccount = target instanceof Account;
            final boolean isGroup = target instanceof Group;

            if (delegatedSend) {
                // Delegated-send rights are only meaningful on accounts and groups.
                if (!isAccount && !isGroup) {
                    throw ServiceException.FAILURE("internal error, target for " + " delegated send rights must be account or group", null);
                }
                final NamedEntry named = (NamedEntry) target;

                // One email element per address the target allows sending as.
                for (String addr : AccountUtil.getAllowedSendAddresses(named)) {
                    eTarget.addElement(AccountConstants.E_EMAIL).addAttribute(AccountConstants.A_ADDR, addr);
                }

                if (isAccount) {
                    eTarget.addAttribute(AccountConstants.A_DISPLAY, ((Account) named).getDisplayName());
                } else {
                    eTarget.addAttribute(AccountConstants.A_DISPLAY, ((Group) named).getDisplayName());
                }
                continue;
            }

            if (!(target instanceof NamedEntry)) {
                // Entries without an id or name are identified by their label only.
                eTarget.addAttribute(AccountConstants.A_NAME, target.getLabel());
                continue;
            }

            final NamedEntry named = (NamedEntry) target;
            eTarget.addAttribute(AccountConstants.A_ID, named.getId());
            eTarget.addAttribute(AccountConstants.A_NAME, named.getName());
            if (isAccount) {
                eTarget.addAttribute(AccountConstants.A_DISPLAY, ((Account) named).getDisplayName());
            } else if (isGroup) {
                eTarget.addAttribute(AccountConstants.A_DISPLAY, ((Group) named).getDisplayName());
            }
        }
    }
}