Examples with ZimbraACE com.zimbra.cs.account.accesscontrol.ZimbraACE used on opensource projects

Example 6 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class RevokeRights method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }
    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    for (Element eACE : request.listElements(AccountConstants.E_ACE)) {
        ZimbraACE ace = GrantRights.handleACE(eACE, zsc, false);
        aces.add(ace);
    }
    // TODO, change to Provisioning.grantPermission?
    List<ZimbraACE> revoked = ACLUtil.revokeRight(Provisioning.getInstance(), account, aces);
    Element response = zsc.createElement(AccountConstants.REVOKE_RIGHTS_RESPONSE);
    if (aces != null) {
        for (ZimbraACE ace : revoked) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}

Example 7 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class GetRights method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account)) {
        throw ServiceException.PERM_DENIED("can not access account");
    }
    Set<Right> specificRights = null;
    for (Element eACE : request.listElements(AccountConstants.E_ACE)) {
        if (specificRights == null)
            specificRights = new HashSet<Right>();
        specificRights.add(RightManager.getInstance().getUserRight(eACE.getAttribute(AccountConstants.A_RIGHT)));
    }
    List<ZimbraACE> aces = (specificRights == null) ? ACLUtil.getAllACEs(account) : ACLUtil.getACEs(account, specificRights);
    Element response = zsc.createElement(AccountConstants.GET_RIGHTS_RESPONSE);
    if (aces != null) {
        for (ZimbraACE ace : aces) {
            ToXML.encodeACE(response, ace);
        }
    }
    return response;
}

Example 8 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class GetPermission method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account))
        throw ServiceException.PERM_DENIED("can not access account");
    Set<Right> specificRights = null;
    for (Element eACE : request.listElements(MailConstants.E_ACE)) {
        if (specificRights == null)
            specificRights = new HashSet<Right>();
        specificRights.add(RightManager.getInstance().getUserRight(eACE.getAttribute(MailConstants.A_RIGHT)));
    }
    List<ZimbraACE> aces = (specificRights == null) ? ACLUtil.getAllACEs(account) : ACLUtil.getACEs(account, specificRights);
    Element response = zsc.createElement(MailConstants.GET_PERMISSION_RESPONSE);
    if (aces != null) {
        for (ZimbraACE ace : aces) ToXML.encodeACE(response, ace);
    }
    return response;
}

Example 9 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class GrantPermission method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Account account = getRequestedAccount(zsc);
    if (!canAccessAccount(zsc, account))
        throw ServiceException.PERM_DENIED("can not access account");
    Set<ZimbraACE> aces = new HashSet<ZimbraACE>();
    for (Element eACE : request.listElements(MailConstants.E_ACE)) {
        ZimbraACE ace = handleACE(eACE, zsc, true);
        aces.add(ace);
    }
    List<ZimbraACE> granted = ACLUtil.grantRight(Provisioning.getInstance(), account, aces);
    Element response = zsc.createElement(MailConstants.GRANT_PERMISSION_RESPONSE);
    if (aces != null) {
        for (ZimbraACE ace : granted) ToXML.encodeACE(response, ace);
    }
    return response;
}

Example 10 with ZimbraACE

use of com.zimbra.cs.account.accesscontrol.ZimbraACE in project zm-mailbox by Zimbra.

the class TestACL method grantRight.

/*
     * utility methods to grant/revoke right
     *
     * To simulate how grants are done in the real server/zmprov, we first call TargetType.lookupTarget to
     * "look for" the taret, then use the returned entry instead of giving the target entry passed in
     * directly to RightUtil.
     *
     * This is for testing user rights, which goes to RightUtil directly (i.e. not through RightCommand)
     *
     */
protected List<ZimbraACE> grantRight(TargetType targetType, Entry target, Set<ZimbraACE> aces) throws ServiceException {
    /*
         * make sure all rights are user right, tests written earlier could still be using
         * this to grant
         */
    for (ZimbraACE ace : aces) {
        assertTrue(ace.getRight().isUserRight());
    }
    Entry targetEntry;
    if (target instanceof Zimlet) {
        // must be by name
        String targetName = ((Zimlet) target).getName();
        targetEntry = TargetType.lookupTarget(mProv, targetType, TargetBy.name, targetName);
    } else {
        String targetId = (target instanceof NamedEntry) ? ((NamedEntry) target).getId() : null;
        targetEntry = TargetType.lookupTarget(mProv, targetType, TargetBy.id, targetId);
    }
    return ACLUtil.grantRight(mProv, targetEntry, aces);
}