
Example 1 with UserRight

use of com.zimbra.cs.account.accesscontrol.UserRight in project zm-mailbox by Zimbra.

the class DiscoverRights method handle.

/**
 * Handles a DiscoverRights request for the account the request is made on behalf of.
 *
 * <p>The caller must pass {@code canAccessAccount} for the requested account before any
 * right name from the request is resolved. Each {@code E_RIGHT} element is resolved through
 * {@link RightManager#getUserRight}, and the resulting set is handed to
 * {@code discoverRights}, which fills in the response element.
 *
 * @param request the SOAP request element carrying one or more right elements
 * @param context the SOAP engine context used to obtain the {@link ZimbraSoapContext}
 * @return the populated {@code DISCOVER_RIGHTS_RESPONSE} element
 * @throws ServiceException {@code PERM_DENIED} when the caller may not access the requested
 *         account, {@code INVALID_REQUEST} when the request names no right, or whatever the
 *         called helpers raise
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext soapContext = getZimbraSoapContext(context);
    Account requestedAccount = getRequestedAccount(soapContext);

    // Authorization gate: nothing below runs unless the caller may act on this account.
    if (!canAccessAccount(soapContext, requestedAccount)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    RightManager rightManager = RightManager.getInstance();
    // A set, so a right named twice in the request is only discovered once.
    Set<Right> requestedRights = Sets.newHashSet();
    for (Element rightElement : request.listElements(AccountConstants.E_RIGHT)) {
        // Right names are caller-supplied text; getUserRight presumably rejects names that
        // are not user rights -- confirm against RightManager.
        requestedRights.add(rightManager.getUserRight(rightElement.getText()));
    }

    if (requestedRights.isEmpty()) {
        throw ServiceException.INVALID_REQUEST("no right is specified", null);
    }

    Element response = soapContext.createElement(AccountConstants.DISCOVER_RIGHTS_RESPONSE);
    // NOTE(review): the meaning of the trailing `true` flag is defined by discoverRights,
    // which is not visible here.
    discoverRights(requestedAccount, requestedRights, response, true);
    return response;
}
Also used : Account(com.zimbra.cs.account.Account) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) RightManager(com.zimbra.cs.account.accesscontrol.RightManager) Element(com.zimbra.common.soap.Element) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) Right(com.zimbra.cs.account.accesscontrol.Right)

Example 2 with UserRight

use of com.zimbra.cs.account.accesscontrol.UserRight in project zm-mailbox by Zimbra.

the class CheckPermission method handle.

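/**
 * Handles a CheckPermission request: reports, per requested right, whether the authenticated
 * caller holds that right on a single target.
 *
 * <p>The target is described by one {@code E_TARGET} element (type, lookup key kind, and
 * value). Supported target types are account, calendar resource and distribution list; any
 * other type is rejected. A lookup by id that finds nothing raises the matching
 * {@code NO_SUCH_*} error. A lookup by anything else that finds nothing leaves the entry
 * {@code null} and falls through to the permission check.
 *
 * @param request the SOAP request element with one target and zero or more right elements
 * @param context the SOAP engine context used to obtain the {@link ZimbraSoapContext}
 * @return the value produced by {@code returnResponse} for the per-right results
 * @throws ServiceException {@code INVALID_REQUEST} for an unsupported target type, a
 *         {@code NO_SUCH_*} account error when a by-id lookup misses, or whatever the called
 *         helpers raise
 */
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    Element eTarget = request.getElement(MailConstants.E_TARGET);
    String targetType = eTarget.getAttribute(MailConstants.A_TARGET_TYPE);
    TargetType tt = TargetType.fromCode(targetType);
    String targetBy = eTarget.getAttribute(MailConstants.A_TARGET_BY);
    String targetValue = eTarget.getText();

    NamedEntry entry = null;
    Element response = zsc.createElement(MailConstants.CHECK_PERMISSION_RESPONSE);

    // NOTE(review): a by-id miss is reported with a distinct NO_SUCH_* error before any right
    // is evaluated, so the reply distinguishes "unknown id" from "denied". Confirm that is
    // acceptable for every caller able to reach this handler.
    if (TargetType.account == tt) {
        AccountBy acctBy = AccountBy.fromString(targetBy);
        entry = prov.get(acctBy, targetValue, zsc.getAuthToken());
        if (entry == null && acctBy == AccountBy.id) {
            throw AccountServiceException.NO_SUCH_ACCOUNT(targetValue);
        }
        // Otherwise the target could be an external user: leave entry null and fall through
        // so the default permission is returned.
    } else if (TargetType.calresource == tt) {
        Key.CalendarResourceBy crBy = Key.CalendarResourceBy.fromString(targetBy);
        entry = prov.get(crBy, targetValue);
        if (entry == null && crBy == Key.CalendarResourceBy.id) {
            throw AccountServiceException.NO_SUCH_CALENDAR_RESOURCE(targetValue);
        }
    } else if (TargetType.dl == tt) {
        Key.DistributionListBy dlBy = Key.DistributionListBy.fromString(targetBy);
        entry = prov.getGroupBasic(dlBy, targetValue);
        if (entry == null && dlBy == Key.DistributionListBy.id) {
            // Fixed: this branch previously reported NO_SUCH_CALENDAR_RESOURCE (copied from
            // the branch above), which mislabels a missing distribution list in the fault
            // returned to the client and in anything that logs it.
            throw AccountServiceException.NO_SUCH_DISTRIBUTION_LIST(targetValue);
        }
    } else {
        throw ServiceException.INVALID_REQUEST("invalid target type: " + targetType, null);
    }

    // Right names are caller-supplied text; getUserRight presumably rejects names that are
    // not user rights -- confirm against RightManager.
    List<UserRight> rights = new ArrayList<>();
    for (Element eRight : request.listElements(MailConstants.E_RIGHT)) {
        UserRight r = RightManager.getInstance().getUserRight(eRight.getText());
        rights.add(r);
    }

    // NOTE(review): unlike the sibling handlers that raise INVALID_REQUEST when no right is
    // named, an empty rights list leaves finalResult at true here. Confirm returnResponse
    // and its clients do not treat that vacuous result as a grant.
    boolean finalResult = true;
    AccessManager am = AccessManager.getInstance();
    for (UserRight right : rights) {
        // entry may still be null here (non-id lookup that found nothing); canDo is expected
        // to answer with the default permission in that case -- confirm.
        boolean allow = am.canDo(zsc.getAuthToken(), entry, right, false);
        // For delegated-send rights addressed by name, the named address must additionally
        // be one the target is allowed to send from.
        if (allow && DiscoverRights.isDelegatedSendRight(right) && TargetBy.name.name().equals(targetBy)) {
            allow = AccountUtil.isAllowedSendAddress(entry, targetValue);
        }
        response.addElement(MailConstants.E_RIGHT).addAttribute(MailConstants.A_ALLOW, allow).setText(right.getName());
        finalResult &= allow;
    }
    return returnResponse(response, finalResult);
}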
Also used : AccessManager(com.zimbra.cs.account.AccessManager) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) Element(com.zimbra.common.soap.Element) ArrayList(java.util.ArrayList) Provisioning(com.zimbra.cs.account.Provisioning) AccountBy(com.zimbra.common.account.Key.AccountBy) NamedEntry(com.zimbra.cs.account.NamedEntry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) Key(com.zimbra.common.account.Key)

Example 3 with UserRight

use of com.zimbra.cs.account.accesscontrol.UserRight in project zm-mailbox by Zimbra.

the class CheckRights method handle.

/**
 * Handles a CheckRights request: for every target in the request, reports whether the
 * authenticated caller holds each of the user rights named under that target.
 *
 * <p>Works in two passes. The first resolves every target and its rights, and rejects the
 * whole request if any target names no right. The second evaluates the rights and builds the
 * response, so no permission result is produced for a request that fails validation.
 *
 * @param request the SOAP request element carrying one or more target elements
 * @param context the SOAP engine context used to obtain the {@link ZimbraSoapContext}
 * @return the {@code CHECK_RIGHTS_RESPONSE} element with one target element per requested
 *         target, each carrying per-right results and a combined allow flag
 * @throws ServiceException {@code INVALID_REQUEST} when a target names no right, or whatever
 *         the called helpers raise
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning provisioning = Provisioning.getInstance();

    // Pass 1: parse and validate every target before evaluating anything.
    List<RequestedTarget> targets = Lists.newArrayList();
    for (Element targetElem : request.listElements(AccountConstants.E_TARGET)) {
        String typeCode = targetElem.getAttribute(AccountConstants.A_TYPE);
        TargetType type = TargetType.fromCode(typeCode);
        String byValue = targetElem.getAttribute(AccountConstants.A_BY);
        TargetBy by = TargetBy.fromString(byValue);
        String key = targetElem.getAttribute(AccountConstants.A_KEY);

        RequestedTarget requested = new RequestedTarget(findEntry(provisioning, type, by, key), type, by, key);
        targets.add(requested);

        for (Element rightElem : targetElem.listElements(AccountConstants.E_RIGHT)) {
            // Only user rights can be checked here, not admin rights.
            requested.addRight(RightManager.getInstance().getUserRight(rightElem.getText()));
        }
        if (requested.getRights().size() == 0) {
            throw ServiceException.INVALID_REQUEST("missing right for target: " + key, null);
        }
    }

    // Pass 2: evaluate each right against the caller's auth token and write the response.
    Element response = zsc.createElement(AccountConstants.CHECK_RIGHTS_RESPONSE);
    AccessManager accessManager = AccessManager.getInstance();
    for (RequestedTarget requested : targets) {
        Entry entry = requested.getTargetEntry();

        Element targetOut = response.addElement(AccountConstants.E_TARGET);
        targetOut.addAttribute(AccountConstants.A_TYPE, requested.getTargetType().getCode());
        targetOut.addAttribute(AccountConstants.A_BY, requested.getTargetBy().name());
        targetOut.addAttribute(AccountConstants.A_KEY, requested.getTargetKey());

        // Starts true and is AND-ed with every per-right result; pass 1 guarantees at least
        // one right, so it never stays true vacuously.
        boolean allAllowed = true;
        for (UserRight right : requested.getRights()) {
            boolean allowed = accessManager.canDo(zsc.getAuthToken(), entry, right, false);
            boolean byName = TargetBy.name == requested.getTargetBy();
            if (allowed && DiscoverRights.isDelegatedSendRight(right) && byName) {
                // For delegated-send rights addressed by name, the named address must also be
                // one the target may send from.
                // NOTE(review): the cast assumes findEntry yields a NamedEntry for by-name
                // lookups -- confirm, otherwise this raises ClassCastException.
                allowed = AccountUtil.isAllowedSendAddress((NamedEntry) entry, requested.getTargetKey());
            }
            Element rightOut = targetOut.addElement(AccountConstants.E_RIGHT);
            rightOut.addAttribute(AccountConstants.A_ALLOW, allowed).setText(right.getName());
            allAllowed &= allowed;
        }
        targetOut.addAttribute(AccountConstants.A_ALLOW, allAllowed);
    }
    return response;
}
Also used : AccessManager(com.zimbra.cs.account.AccessManager) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) Provisioning(com.zimbra.cs.account.Provisioning) NamedEntry(com.zimbra.cs.account.NamedEntry) NamedEntry(com.zimbra.cs.account.NamedEntry) Entry(com.zimbra.cs.account.Entry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) TargetType(com.zimbra.cs.account.accesscontrol.TargetType)

Aggregations

Element (com.zimbra.common.soap.Element)3 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)3 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)3 AccessManager (com.zimbra.cs.account.AccessManager)2 NamedEntry (com.zimbra.cs.account.NamedEntry)2 Provisioning (com.zimbra.cs.account.Provisioning)2 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)2 Key (com.zimbra.common.account.Key)1 AccountBy (com.zimbra.common.account.Key.AccountBy)1 Account (com.zimbra.cs.account.Account)1 Entry (com.zimbra.cs.account.Entry)1 Right (com.zimbra.cs.account.accesscontrol.Right)1 RightManager (com.zimbra.cs.account.accesscontrol.RightManager)1 TargetBy (com.zimbra.soap.type.TargetBy)1 ArrayList (java.util.ArrayList)1