use of com.zimbra.cs.mailbox.ACL.Grant in project zm-mailbox by Zimbra.
the class MailItemResource method getAce.
public List<Ace> getAce(DavContext ctxt) throws ServiceException, DavException {
ArrayList<Ace> aces = new ArrayList<Ace>();
Mailbox mbox = getMailbox(ctxt);
MailItem item = mbox.getItemById(ctxt.getOperationContext(), mId, MailItem.Type.UNKNOWN);
Folder f = null;
if (item.getType() == MailItem.Type.FOLDER)
f = (Folder) item;
else
f = mbox.getFolderById(ctxt.getOperationContext(), item.getParentId());
ACL effectiveAcl = f.getEffectiveACL();
if (effectiveAcl == null) {
return aces;
}
List<Grant> grants = effectiveAcl.getGrants();
if (grants == null) {
return aces;
}
for (ACL.Grant g : grants) {
if (!g.hasGrantee())
continue;
aces.add(new Ace(g.getGranteeId(), g.getGrantedRights(), g.getGranteeType()));
}
return aces;
}
use of com.zimbra.cs.mailbox.ACL.Grant in project zm-mailbox by Zimbra.
the class Acl method toElement.
@Override
public Element toElement(DavContext ctxt, Element parent, boolean nameOnly) {
Element acl = super.toElement(ctxt, parent, true);
if (mAcl == null)
return acl;
Account ownerAccount = null;
Account authAccount = ctxt.getAuthAccount();
try {
ownerAccount = Provisioning.getInstance().getAccountByName(mOwner);
} catch (ServiceException se) {
}
for (Grant g : mAcl.getGrants()) {
try {
if (ownerAccount != null && authAccount.compareTo(ownerAccount) != 0 && g.getGrantedRights(authAccount, mAcl) == 0)
continue;
Element ace = acl.addElement(DavElements.E_ACE);
Element principal = ace.addElement(DavElements.E_PRINCIPAL);
Element e;
switch(g.getGranteeType()) {
case ACL.GRANTEE_USER:
e = principal.addElement(DavElements.E_HREF);
e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), UrlNamespace.ACL_USER));
break;
case ACL.GRANTEE_GUEST:
e = principal.addElement(DavElements.E_HREF);
e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), UrlNamespace.ACL_GUEST));
break;
case ACL.GRANTEE_KEY:
// 30049 TODO
break;
case ACL.GRANTEE_AUTHUSER:
principal.addElement(DavElements.E_AUTHENTICATED);
break;
case ACL.GRANTEE_COS:
e = principal.addElement(DavElements.E_HREF);
e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), UrlNamespace.ACL_COS));
break;
case ACL.GRANTEE_DOMAIN:
e = principal.addElement(DavElements.E_HREF);
e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), UrlNamespace.ACL_DOMAIN));
break;
case ACL.GRANTEE_GROUP:
e = principal.addElement(DavElements.E_HREF);
e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), UrlNamespace.ACL_GROUP));
break;
case ACL.GRANTEE_PUBLIC:
principal.addElement(DavElements.E_UNAUTHENTICATED);
break;
}
addGrantDeny(ace, g, true);
} catch (DavException e) {
ZimbraLog.dav.error("can't add principal: grantee=" + g.getGranteeId(), e);
} catch (ServiceException e) {
ZimbraLog.dav.error("can't add principal: grantee=" + g.getGranteeId(), e);
}
}
return acl;
}
use of com.zimbra.cs.mailbox.ACL.Grant in project zm-mailbox by Zimbra.
the class ProxyGroupMemberSet method getUsersWithProxyAccessToCalendar.
/**
* @param readOnly - if true, return accounts which have "read" right but not "write" access.<br />
* if false, return accounts that have at least "write" access.
*/
public static Set<Account> getUsersWithProxyAccessToCalendar(DavContext ctxt, Account acct, boolean readOnly) {
Set<Account> accts = Sets.newHashSet();
try {
Mailbox mbox = MailboxManager.getInstance().getMailboxByAccount(acct);
Folder f = mbox.getFolderById(ctxt.getOperationContext(), Mailbox.ID_FOLDER_CALENDAR);
ACL acl = f.getEffectiveACL();
if (acl == null) {
return accts;
}
for (Grant g : acl.getGrants()) {
if (g.getGranteeType() != ACL.GRANTEE_USER) {
continue;
}
boolean match = readOnly ? (g.getGrantedRights() & ACL.RIGHT_READ) != 0 && (g.getGrantedRights() & ACL.RIGHT_WRITE) == 0 : (g.getGrantedRights() & ACL.RIGHT_WRITE) != 0;
if (match) {
Account user = Provisioning.getInstance().get(AccountBy.id, g.getGranteeId());
if (user != null) {
accts.add(user);
}
}
}
} catch (ServiceException se) {
ZimbraLog.dav.warn("can't get mailbox", se);
}
return accts;
}
Aggregations