use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.
the class RevokeRights method handle.
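/**
 * Handles a RevokeRights request: revokes the ACEs named in the request from the requested
 * account and returns the ACEs that the revocation call reports back.
 *
 * <p>The authorization gate runs first. No ACE element is parsed and no ACL is modified unless
 * {@code canAccessAccount} accepts the caller for the requested account.
 *
 * @param request the SOAP request; its ACE child elements name the grants to revoke
 * @param context the SOAP engine context used to build the {@code ZimbraSoapContext}
 * @return the RevokeRights response, holding one encoded ACE per entry returned by the revocation
 * @throws ServiceException {@code PERM_DENIED} when the caller may not access the account, or
 *     whatever ACE parsing or the revocation itself raises
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);

    // Access check on the target account must precede any use of request-supplied ACE data.
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    for (Element eACE : request.listElements(AccountConstants.E_ACE)) {
        // Third argument is false here and true in GrantPermission; presumably it selects
        // grant-vs-revoke parsing -- confirm against handleACE.
        ZimbraACE ace = GrantRights.handleACE(eACE, zsc, false);
        aces.add(ace);
    }

    // TODO, change to Provisioning.grantPermission?
    List<ZimbraACE> revoked = ACLUtil.revokeRight(Provisioning.getInstance(), account, aces);

    Element response = zsc.createElement(AccountConstants.REVOKE_RIGHTS_RESPONSE);
    // Guard the list that is actually iterated. The original tested `aces`, which is always
    // non-null at this point, so a null result from revokeRight would have caused an NPE.
    if (revoked != null) {
        for (ZimbraACE ace : revoked) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}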
use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.
the class GetRights method handle.
/**
 * Handles a GetRights request: returns the ACEs set on the requested account, optionally
 * narrowed to the rights named in the request.
 *
 * <p>The response discloses the account's ACL, so the {@code canAccessAccount} gate runs before
 * anything is read from the request body.
 *
 * @param request the SOAP request; each ACE child element names one right to filter on
 * @param context the SOAP engine context used to build the {@code ZimbraSoapContext}
 * @return the GetRights response with one encoded ACE per matching entry
 * @throws ServiceException {@code PERM_DENIED} when the caller may not access the account, or
 *     whatever attribute lookup or right resolution raises
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    // Collect the rights the caller asked about; an empty set means "no filter".
    Set<Right> requestedRights = new HashSet<Right>();
    for (Element aceElement : request.listElements(AccountConstants.E_ACE)) {
        RightManager rightManager = RightManager.getInstance();
        // The right name is caller-supplied; getUserRight presumably rejects names that are
        // not user rights -- confirm in RightManager.
        String rightName = aceElement.getAttribute(AccountConstants.A_RIGHT);
        requestedRights.add(rightManager.getUserRight(rightName));
    }

    List<ZimbraACE> aces;
    if (requestedRights.isEmpty()) {
        aces = ACLUtil.getAllACEs(account);
    } else {
        aces = ACLUtil.getACEs(account, requestedRights);
    }

    Element response = zsc.createElement(AccountConstants.GET_RIGHTS_RESPONSE);
    if (aces == null) {
        // Nothing to encode: the response stays empty.
        return response;
    }
    for (ZimbraACE ace : aces) {
        ToXML.encodeACE(response, ace);
    }
    return response;
}
use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.
the class GetPermission method handle.
/**
 * Handles a GetPermission request: returns the ACEs set on the requested account, optionally
 * narrowed to the rights named in the request's ACE elements.
 *
 * <p>Access to the account is verified with {@code canAccessAccount} before any request content
 * is read, because the response exposes the account's ACL.
 *
 * @param request the SOAP request; each ACE child element names one right to filter on
 * @param context the SOAP engine context used to build the {@code ZimbraSoapContext}
 * @return the GetPermission response with one encoded ACE per matching entry
 * @throws ServiceException {@code PERM_DENIED} when the caller may not access the account, or
 *     whatever attribute lookup or right resolution raises
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    // An empty filter set selects every ACE on the account.
    Set<Right> filter = new HashSet<Right>();
    for (Element aceElement : request.listElements(MailConstants.E_ACE)) {
        RightManager rightManager = RightManager.getInstance();
        String rightName = aceElement.getAttribute(MailConstants.A_RIGHT);
        filter.add(rightManager.getUserRight(rightName));
    }

    List<ZimbraACE> aces =
            filter.isEmpty() ? ACLUtil.getAllACEs(account) : ACLUtil.getACEs(account, filter);

    Element response = zsc.createElement(MailConstants.GET_PERMISSION_RESPONSE);
    if (aces != null) {
        for (ZimbraACE ace : aces) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}
use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.
the class GrantPermission method handle.
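/**
 * Handles a GrantPermission request: grants the ACEs named in the request on the requested
 * account and returns the ACEs that the grant call reports back.
 *
 * <p>This changes the account's ACL, so the {@code canAccessAccount} gate runs before any ACE
 * element is parsed.
 *
 * @param request the SOAP request; its ACE child elements describe the grants to add
 * @param context the SOAP engine context used to build the {@code ZimbraSoapContext}
 * @return the GrantPermission response, holding one encoded ACE per entry returned by the grant
 * @throws ServiceException {@code PERM_DENIED} when the caller may not access the account, or
 *     whatever ACE parsing or the grant itself raises
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);

    // Only a caller allowed to access the account may modify its ACL.
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }

    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    for (Element eACE : request.listElements(MailConstants.E_ACE)) {
        ZimbraACE ace = handleACE(eACE, zsc, true);
        aces.add(ace);
    }

    List<ZimbraACE> granted = ACLUtil.grantRight(Provisioning.getInstance(), account, aces);

    Element response = zsc.createElement(MailConstants.GRANT_PERMISSION_RESPONSE);
    // Guard the list that is actually iterated. The original tested `aces`, which is always
    // non-null at this point, so a null result from grantRight would have caused an NPE.
    if (granted != null) {
        for (ZimbraACE ace : granted) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}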
use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.
the class TestACL method grantRight.
/*
* utility methods to grant/revoke right
*
* To simulate how grants are done in the real server/zmprov, we first call TargetType.lookupTarget to
* "look for" the target, then use the returned entry instead of giving the target entry passed in
* directly to RightUtil.
*
* This is for testing user rights, which goes to RightUtil directly (i.e. not through RightCommand)
*
*/
/**
 * Grants the given user-right ACEs on a target, resolving the target through
 * {@code TargetType.lookupTarget} first instead of using the passed-in entry directly.
 *
 * @param targetType the target type handed to the lookup
 * @param target the entry to grant on; a Zimlet is looked up by name, anything else by id
 * @param aces the ACEs to grant; every one must carry a user right
 * @return whatever {@code ACLUtil.grantRight} returns for the resolved entry
 * @throws ServiceException if the lookup or the grant raises it
 */
protected List<ZimbraACE> grantRight(TargetType targetType, Entry target, Set<ZimbraACE> aces) throws ServiceException {
    // Older tests may still route grants through here, so fail fast on anything that is
    // not a user right.
    for (ZimbraACE candidate : aces) {
        assertTrue(candidate.getRight().isUserRight());
    }

    final TargetBy lookupBy;
    final String lookupKey;
    if (target instanceof Zimlet) {
        // Zimlets must be looked up by name.
        lookupBy = TargetBy.name;
        lookupKey = ((Zimlet) target).getName();
    } else if (target instanceof NamedEntry) {
        lookupBy = TargetBy.id;
        lookupKey = ((NamedEntry) target).getId();
    } else {
        // Entries that are not NamedEntry have no id to pass; the lookup receives null.
        lookupBy = TargetBy.id;
        lookupKey = null;
    }

    Entry resolvedTarget = TargetType.lookupTarget(mProv, targetType, lookupBy, lookupKey);
    return ACLUtil.grantRight(mProv, resolvedTarget, aces);
}