
Example 6 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class RevokeRights method handle.

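/**
 * Handles a RevokeRights request: parses every ACE element in the request,
 * revokes the matching grants on the requested account and echoes the ACEs
 * that were revoked back in the response.
 *
 * @param request the SOAP request element carrying zero or more ACE children
 * @param context the per-request context the SOAP context is read from
 * @return a REVOKE_RIGHTS_RESPONSE element with one encoded ACE per revoked grant
 * @throws ServiceException PERM_DENIED when the caller may not access the
 *         requested account; anything raised while parsing or revoking ACEs
 *         propagates unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    // Authorization gate: this is the only access check visible in this handler and
    // it runs before any request content is parsed, so an unauthorized caller never
    // reaches the ACL mutation below.
    // NOTE(review): whether ACLUtil.revokeRight performs checks of its own cannot be
    // told from here - confirm before relaxing this gate.
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }
    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    for (Element eACE : request.listElements(AccountConstants.E_ACE)) {
        // The trailing 'false' presumably tells the shared parser this is a revoke
        // rather than a grant - verify against GrantRights.handleACE.
        ZimbraACE ace = GrantRights.handleACE(eACE, zsc, false);
        aces.add(ace);
    }
    // TODO, change to Provisioning.grantPermission?
    // (wording kept from the original; in a revoke handler the revoke counterpart is presumably meant)
    List<ZimbraACE> revoked = ACLUtil.revokeRight(Provisioning.getInstance(), account, aces);
    Element response = zsc.createElement(AccountConstants.REVOKE_RIGHTS_RESPONSE);
    // Guard the list that is actually iterated. The original tested 'aces', which is
    // assigned a new HashSet above and can never be null, so that check protected nothing.
    if (revoked != null) {
        for (ZimbraACE ace : revoked) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}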
Also used : ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) Account(com.zimbra.cs.account.Account) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) HashSet(java.util.HashSet)

Example 7 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class GetRights method handle.

/**
 * Handles a GetRights request: returns the ACEs granted on the requested account,
 * optionally narrowed to the rights named in the request's ACE elements.
 *
 * @param request the SOAP request element; each ACE child names one right
 * @param context the per-request context the SOAP context is read from
 * @return a GET_RIGHTS_RESPONSE element with one encoded ACE per matching grant
 * @throws ServiceException PERM_DENIED when the caller may not access the
 *         requested account; lookup failures propagate unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    final ZimbraSoapContext soapCtx = getZimbraSoapContext(context);
    final Account owner = getRequestedAccount(soapCtx);
    // Access check comes first: nothing from the request body is read for a caller
    // that is not allowed to see this account's grants.
    if (!canAccessAccount(soapCtx, owner)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    // Stays null when the request names no right; null selects "all ACEs" below.
    Set<Right> wanted = null;
    for (Element aceElem : request.listElements(AccountConstants.E_ACE)) {
        if (wanted == null) {
            wanted = new HashSet<Right>();
        }
        // The right name is caller-supplied; it is resolved through the RightManager
        // rather than used directly.
        Right named = RightManager.getInstance().getUserRight(aceElem.getAttribute(AccountConstants.A_RIGHT));
        wanted.add(named);
    }

    List<ZimbraACE> found;
    if (wanted != null) {
        found = ACLUtil.getACEs(owner, wanted);
    } else {
        found = ACLUtil.getAllACEs(owner);
    }

    Element reply = soapCtx.createElement(AccountConstants.GET_RIGHTS_RESPONSE);
    if (found == null) {
        // No grants to report: the response element is returned empty.
        return reply;
    }
    for (ZimbraACE entry : found) {
        ToXML.encodeACE(reply, entry);
    }
    return reply;
}
Also used : ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) Account(com.zimbra.cs.account.Account) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) Right(com.zimbra.cs.account.accesscontrol.Right) HashSet(java.util.HashSet)

Example 8 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class GetPermission method handle.

/**
 * Handles a GetPermission request: returns the ACEs granted on the requested
 * account, optionally narrowed to the rights named in the request's ACE elements.
 *
 * @param request the SOAP request element; each ACE child names one right
 * @param context the per-request context the SOAP context is read from
 * @return a GET_PERMISSION_RESPONSE element with one encoded ACE per matching grant
 * @throws ServiceException PERM_DENIED when the caller may not access the
 *         requested account; lookup failures propagate unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    final ZimbraSoapContext soapCtx = getZimbraSoapContext(context);
    final Account owner = getRequestedAccount(soapCtx);
    // Access check comes first: nothing from the request body is read for a caller
    // that is not allowed to see this account's grants.
    if (!canAccessAccount(soapCtx, owner)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    // Stays null when the request names no right; null selects "all ACEs" below.
    Set<Right> wanted = null;
    for (Element aceElem : request.listElements(MailConstants.E_ACE)) {
        if (wanted == null) {
            wanted = new HashSet<Right>();
        }
        // The right name is caller-supplied; it is resolved through the RightManager
        // rather than used directly.
        Right named = RightManager.getInstance().getUserRight(aceElem.getAttribute(MailConstants.A_RIGHT));
        wanted.add(named);
    }

    List<ZimbraACE> found;
    if (wanted != null) {
        found = ACLUtil.getACEs(owner, wanted);
    } else {
        found = ACLUtil.getAllACEs(owner);
    }

    Element reply = soapCtx.createElement(MailConstants.GET_PERMISSION_RESPONSE);
    if (found == null) {
        // No grants to report: the response element is returned empty.
        return reply;
    }
    for (ZimbraACE entry : found) {
        ToXML.encodeACE(reply, entry);
    }
    return reply;
}
Also used : ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) Account(com.zimbra.cs.account.Account) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) Right(com.zimbra.cs.account.accesscontrol.Right) HashSet(java.util.HashSet)

Example 9 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class GrantPermission method handle.

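/**
 * Handles a GrantPermission request: parses every ACE element in the request,
 * grants the described rights on the requested account and echoes the ACEs
 * that were granted back in the response.
 *
 * @param request the SOAP request element carrying zero or more ACE children
 * @param context the per-request context the SOAP context is read from
 * @return a GRANT_PERMISSION_RESPONSE element with one encoded ACE per granted right
 * @throws ServiceException PERM_DENIED when the caller may not access the
 *         requested account; anything raised while parsing or granting ACEs
 *         propagates unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    // Authorization gate: this is the only access check visible in this handler and
    // it runs before any request content is parsed, so an unauthorized caller never
    // reaches the ACL mutation below.
    // NOTE(review): whether ACLUtil.grantRight performs checks of its own cannot be
    // told from here - confirm before relaxing this gate.
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }
    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    for (Element eACE : request.listElements(MailConstants.E_ACE)) {
        // The trailing 'true' presumably marks this as a grant (as opposed to a
        // revoke) for the ACE parser - verify against handleACE.
        ZimbraACE ace = handleACE(eACE, zsc, true);
        aces.add(ace);
    }
    List<ZimbraACE> granted = ACLUtil.grantRight(Provisioning.getInstance(), account, aces);
    Element response = zsc.createElement(MailConstants.GRANT_PERMISSION_RESPONSE);
    // Guard the list that is actually iterated. The original tested 'aces', which is
    // assigned a new HashSet above and can never be null, so that check protected nothing.
    if (granted != null) {
        for (ZimbraACE ace : granted) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}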
Also used : ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) HashSet(java.util.HashSet)

Example 10 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class TestACL method grantRight.

/*
     * Utility methods to grant/revoke rights.
     *
     * To mirror how grants are made in the real server/zmprov, the target is first
     * "looked up" through TargetType.lookupTarget and the entry that lookup returns
     * is used for the grant, instead of handing the entry passed in by the test
     * straight to the ACL utility.
     *
     * This path is for testing user rights, which go to the ACL utility directly
     * (i.e. not through RightCommand).
     *
     * NOTE(review): the original comment names RightUtil while the code below calls
     * ACLUtil - presumably the same helper after a rename; confirm.
     */
protected List<ZimbraACE> grantRight(TargetType targetType, Entry target, Set<ZimbraACE> aces) throws ServiceException {
    // Only user rights may be granted through this helper; older tests may still
    // route other rights here, so every ACE is asserted first.
    for (ZimbraACE candidate : aces) {
        assertTrue(candidate.getRight().isUserRight());
    }

    if (target instanceof Zimlet) {
        // Zimlets must be looked up by name.
        String zimletName = ((Zimlet) target).getName();
        Entry byName = TargetType.lookupTarget(mProv, targetType, TargetBy.name, zimletName);
        return ACLUtil.grantRight(mProv, byName, aces);
    }

    // Everything else is looked up by id; an entry that is not a NamedEntry has no
    // id to offer, so null is passed through to the lookup.
    String entryId = null;
    if (target instanceof NamedEntry) {
        entryId = ((NamedEntry) target).getId();
    }
    Entry byId = TargetType.lookupTarget(mProv, targetType, TargetBy.id, entryId);
    return ACLUtil.grantRight(mProv, byId, aces);
}
Also used : ZimbraACE(com.zimbra.cs.account.accesscontrol.ZimbraACE) NamedEntry(com.zimbra.cs.account.NamedEntry) NamedEntry(com.zimbra.cs.account.NamedEntry) CacheEntry(com.zimbra.cs.account.Provisioning.CacheEntry) Entry(com.zimbra.cs.account.Entry) Zimlet(com.zimbra.cs.account.Zimlet)

Aggregations

ZimbraACE (com.zimbra.cs.account.accesscontrol.ZimbraACE)11 Account (com.zimbra.cs.account.Account)7 HashSet (java.util.HashSet)7 Element (com.zimbra.common.soap.Element)6 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)6 Right (com.zimbra.cs.account.accesscontrol.Right)5 NamedEntry (com.zimbra.cs.account.NamedEntry)4 ServiceException (com.zimbra.common.service.ServiceException)2 AccountServiceException (com.zimbra.cs.account.AccountServiceException)2 DistributionList (com.zimbra.cs.account.DistributionList)2 Entry (com.zimbra.cs.account.Entry)2 GuestAccount (com.zimbra.cs.account.GuestAccount)2 Zimlet (com.zimbra.cs.account.Zimlet)2 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)2 RightModifier (com.zimbra.cs.account.accesscontrol.RightModifier)2 JavaMailInternetAddress (com.zimbra.common.mime.shim.JavaMailInternetAddress)1 Group (com.zimbra.cs.account.Group)1 MockProvisioning (com.zimbra.cs.account.MockProvisioning)1 Provisioning (com.zimbra.cs.account.Provisioning)1 CacheEntry (com.zimbra.cs.account.Provisioning.CacheEntry)1