Example 6 with ACL
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class FolderACL method getEffectivePermissionsLocal.
public static Short getEffectivePermissionsLocal(OperationContext octxt, Mailbox ownerMbx, Folder folder) throws ServiceException {
// cache the effective folder ACL in memcached - independent of the authed user
ACL acl = folder.getEffectiveACL();
EffectiveACLCache.put(folder.getAccount().getId(), folder.getId(), acl);
// return the effective permission - auth user dependent
return ownerMbx.getEffectivePermissions(octxt.getAuthenticatedUser(), octxt.isUsingAdminPrivileges(), folder.getId(), MailItem.Type.FOLDER);
}
Also used :
ACL(com.zimbra.cs.mailbox.ACL)
Example 7 with ACL
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class ArchiveFormatter method addItem.
private void addItem(UserServletContext context, Folder fldr, Map<Object, Folder> fmap, FolderDigestInfo digestInfo, Map<Integer, Integer> idMap, int[] ids, Set<MailItem.Type> types, Resolve r, ItemData id, ArchiveInputStream ais, ArchiveInputEntry aie, List<ServiceException> errs) throws ServiceException {
try {
Mailbox mbox = fldr.getMailbox();
MailItem mi = MailItem.constructItem(mbox, id.ud);
MailItem newItem = null, oldItem = null;
OperationContext octxt = context.opContext;
String path;
ParsedMessage pm;
boolean root = fldr.getId() == Mailbox.ID_FOLDER_ROOT || fldr.getId() == Mailbox.ID_FOLDER_USER_ROOT || id.path.startsWith(fldr.getPath() + '/');
if ((ids != null && Arrays.binarySearch(ids, id.ud.id) < 0) || (types != null && !types.contains(MailItem.Type.of(id.ud.type))))
return;
if (id.ud.getBlobDigest() != null && aie == null) {
addError(errs, FormatterServiceException.MISSING_BLOB(id.path));
return;
}
if (root) {
path = id.path;
} else {
path = fldr.getPath() + id.path;
}
if (path.endsWith("/") && !path.equals("/")) {
path = path.substring(0, path.length() - 1);
}
if (mbox.isImmutableSystemFolder(id.ud.folderId))
return;
switch(mi.getType()) {
case APPOINTMENT:
case TASK:
CalendarItem ci = (CalendarItem) mi;
fldr = createPath(context, fmap, path, ci.getType() == MailItem.Type.APPOINTMENT ? MailItem.Type.APPOINTMENT : MailItem.Type.TASK);
if (!root || r != Resolve.Reset) {
CalendarItem oldCI = null;
try {
oldCI = mbox.getCalendarItemByUid(octxt, ci.getUid());
} catch (Exception e) {
}
if (oldCI != null && r == Resolve.Replace) {
mbox.delete(octxt, oldCI.getId(), oldCI.getType());
} else {
oldItem = oldCI;
}
}
if (oldItem == null || r != Resolve.Skip) {
CalendarItem.AlarmData ad = ci.getAlarmData();
byte[] data = readArchiveEntry(ais, aie);
Map<Integer, MimeMessage> blobMimeMsgMap = data == null ? null : CalendarItem.decomposeBlob(data);
SetCalendarItemData defScid = new SetCalendarItemData();
SetCalendarItemData[] exceptionScids = null;
Invite[] invs = ci.getInvites();
MimeMessage mm;
if (invs != null && invs.length > 0) {
defScid.invite = invs[0];
if (blobMimeMsgMap != null && (mm = blobMimeMsgMap.get(defScid.invite.getMailItemId())) != null) {
defScid.message = new ParsedMessage(mm, mbox.attachmentsIndexingEnabled());
}
if (invs.length > 1) {
exceptionScids = new SetCalendarItemData[invs.length - 1];
for (int i = 1; i < invs.length; i++) {
SetCalendarItemData scid = new SetCalendarItemData();
scid.invite = invs[i];
if (blobMimeMsgMap != null && (mm = blobMimeMsgMap.get(defScid.invite.getMailItemId())) != null) {
scid.message = new ParsedMessage(mm, mbox.attachmentsIndexingEnabled());
}
exceptionScids[i - 1] = scid;
}
}
newItem = mbox.setCalendarItem(octxt, oldItem != null && r == Resolve.Modify ? oldItem.getFolderId() : fldr.getId(), ci.getFlagBitmask(), ci.getTags(), defScid, exceptionScids, ci.getAllReplies(), ad == null ? CalendarItem.NEXT_ALARM_KEEP_CURRENT : ad.getNextAt());
}
}
break;
case CHAT:
Chat chat = (Chat) mi;
byte[] content = readArchiveEntry(ais, aie);
pm = new ParsedMessage(content, mi.getDate(), mbox.attachmentsIndexingEnabled());
fldr = createPath(context, fmap, path, MailItem.Type.CHAT);
if (root && r != Resolve.Reset) {
Chat oldChat = null;
try {
oldChat = mbox.getChatById(octxt, chat.getId());
if (oldChat.getFolderId() != fldr.getId()) {
oldChat = null;
}
} catch (Exception e) {
}
if (oldChat != null && chat.getSender().equals(oldChat.getSender()) && chat.getSubject().equals(oldChat.getSubject())) {
if (r == Resolve.Replace) {
mbox.delete(octxt, oldChat.getId(), oldChat.getType());
} else {
oldItem = oldChat;
if (r == Resolve.Modify)
newItem = mbox.updateChat(octxt, pm, oldItem.getId());
}
}
}
if (oldItem == null)
newItem = mbox.createChat(octxt, pm, fldr.getId(), chat.getFlagBitmask(), chat.getTags());
break;
case CONVERSATION:
Conversation cv = (Conversation) mi;
if (r != Resolve.Reset && r != Resolve.Skip) {
try {
oldItem = mbox.getConversationByHash(octxt, Mailbox.getHash(cv.getSubject()));
} catch (Exception e) {
}
}
break;
case CONTACT:
Contact ct = (Contact) mi;
fldr = createPath(context, fmap, path, Folder.Type.CONTACT);
if (root && r != Resolve.Reset) {
Contact oldContact = null;
oldContact = findContact(octxt, mbox, ct, fldr);
if (oldContact != null) {
String email = string(ct.get(ContactConstants.A_email));
String first = string(ct.get(ContactConstants.A_firstName));
String name = string(ct.get(ContactConstants.A_fullName));
String oldemail = string(oldContact.get(ContactConstants.A_email));
String oldfirst = string(oldContact.get(ContactConstants.A_firstName));
String oldname = string(oldContact.get(ContactConstants.A_fullName));
if (email.equals(oldemail) && first.equals(oldfirst) && name.equals(oldname)) {
if (r == Resolve.Replace) {
mbox.delete(octxt, oldContact.getId(), oldContact.getType());
} else {
oldItem = oldContact;
if (r == Resolve.Modify) {
mbox.modifyContact(octxt, oldItem.getId(), new ParsedContact(ct.getFields(), readArchiveEntry(ais, aie)));
}
}
}
}
}
if (oldItem == null) {
newItem = mbox.createContact(octxt, new ParsedContact(ct.getFields(), readArchiveEntry(ais, aie)), fldr.getId(), ct.getTags());
}
break;
case DOCUMENT:
case WIKI:
Document doc = (Document) mi;
Document oldDoc = null;
Integer oldId = idMap.get(mi.getId());
fldr = createParent(context, fmap, path, doc.getType() == MailItem.Type.DOCUMENT ? MailItem.Type.DOCUMENT : MailItem.Type.WIKI);
if (oldId == null) {
try {
for (Document listDoc : mbox.getDocumentList(octxt, fldr.getId())) {
if (doc.getName().equals(listDoc.getName())) {
oldDoc = listDoc;
idMap.put(doc.getId(), oldDoc.getId());
break;
}
}
} catch (Exception e) {
}
} else {
oldDoc = mbox.getDocumentById(octxt, oldId);
}
if (oldDoc != null) {
if (r == Resolve.Replace && oldId == null) {
mbox.delete(octxt, oldDoc.getId(), oldDoc.getType());
} else if (doc.getVersion() < oldDoc.getVersion()) {
return;
} else {
oldItem = oldDoc;
if (doc.getVersion() > oldDoc.getVersion()) {
newItem = mbox.addDocumentRevision(octxt, oldDoc.getId(), doc.getCreator(), doc.getName(), doc.getDescription(), doc.isDescriptionEnabled(), ais.getInputStream());
}
if (r != Resolve.Skip) {
mbox.setDate(octxt, oldDoc.getId(), doc.getType(), doc.getDate());
}
}
}
if (oldItem == null) {
if (mi.getType() == MailItem.Type.DOCUMENT) {
newItem = mbox.createDocument(octxt, fldr.getId(), doc.getName(), doc.getContentType(), doc.getCreator(), doc.getDescription(), ais.getInputStream());
} else {
WikiItem wi = (WikiItem) mi;
newItem = mbox.createWiki(octxt, fldr.getId(), wi.getWikiWord(), wi.getCreator(), wi.getDescription(), ais.getInputStream());
}
mbox.setDate(octxt, newItem.getId(), doc.getType(), doc.getDate());
idMap.put(doc.getId(), newItem.getId());
}
break;
case FLAG:
return;
case FOLDER:
String aclParam = context.params.get("acl");
boolean doACL = aclParam == null || !aclParam.equals("0");
Folder f = (Folder) mi;
ACL acl = f.getACL();
Folder oldF = null;
MailItem.Type view = f.getDefaultView();
if (view == MailItem.Type.CONVERSATION || view == MailItem.Type.FLAG || view == MailItem.Type.TAG)
break;
try {
oldF = mbox.getFolderByPath(octxt, path);
} catch (Exception e) {
}
if (oldF != null) {
oldItem = oldF;
if (r != Resolve.Skip) {
if (!f.getUrl().equals(oldF.getUrl())) {
mbox.setFolderUrl(octxt, oldF.getId(), f.getUrl());
}
if (doACL) {
ACL oldACL = oldF.getACL();
if ((acl == null && oldACL != null) || (acl != null && (oldACL == null || !acl.equals(oldACL)))) {
mbox.setPermissions(octxt, oldF.getId(), acl);
}
}
}
}
if (oldItem == null) {
fldr = createParent(context, fmap, path, Folder.Type.UNKNOWN);
Folder.FolderOptions fopt = new Folder.FolderOptions();
fopt.setDefaultView(f.getDefaultView()).setFlags(f.getFlagBitmask()).setColor(f.getColor()).setUrl(f.getUrl());
newItem = fldr = mbox.createFolder(octxt, f.getName(), fldr.getId(), fopt);
if (doACL && acl != null) {
mbox.setPermissions(octxt, fldr.getId(), acl);
}
fmap.put(fldr.getId(), fldr);
fmap.put(fldr.getPath(), fldr);
}
break;
case MESSAGE:
Message msg = (Message) mi;
Message oldMsg = null;
fldr = createPath(context, fmap, path, Folder.Type.MESSAGE);
if (root && r != Resolve.Reset) {
try {
oldMsg = mbox.getMessageById(octxt, msg.getId());
if (!msg.getDigest().equals(oldMsg.getDigest()) || oldMsg.getFolderId() != fldr.getId()) {
oldMsg = null;
}
} catch (Exception e) {
}
}
if (oldMsg == null) {
Integer digestId = digestInfo.getIdForDigest(fldr, mi.getDigest());
if (digestId != null) {
oldMsg = mbox.getMessageById(octxt, digestId);
if (!msg.getDigest().equals(oldMsg.getDigest())) {
oldMsg = null;
}
}
}
if (oldMsg != null) {
if (r == Resolve.Replace) {
ZimbraLog.misc.debug("Deleting old msg with id=%s as has same digest='%s'", oldMsg.getId(), mi.getDigest());
mbox.delete(octxt, oldMsg.getId(), oldMsg.getType());
} else {
oldItem = oldMsg;
}
}
if (oldItem != null) {
ZimbraLog.misc.debug("Message with id=%s has same digest='%s' - not re-adding", oldItem.getId(), mi.getDigest());
} else {
DeliveryOptions opt = new DeliveryOptions().setFolderId(fldr.getId()).setNoICal(true).setFlags(msg.getFlagBitmask()).setTags(msg.getTags());
newItem = mbox.addMessage(octxt, ais.getInputStream(), (int) aie.getSize(), msg.getDate(), opt, null, id);
}
break;
case MOUNTPOINT:
Mountpoint mp = (Mountpoint) mi;
MailItem oldMP = null;
try {
oldMP = mbox.getItemByPath(octxt, path);
if (oldMP.getType() == mi.getType()) {
oldMP = null;
}
} catch (Exception e) {
}
if (oldMP != null) {
if (r == Resolve.Modify || r == Resolve.Replace) {
mbox.delete(octxt, oldMP.getId(), oldMP.getType());
} else {
oldItem = oldMP;
}
}
if (oldItem == null) {
fldr = createParent(context, fmap, path, Folder.Type.UNKNOWN);
newItem = mbox.createMountpoint(context.opContext, fldr.getId(), mp.getName(), mp.getOwnerId(), mp.getRemoteId(), mp.getRemoteUuid(), mp.getDefaultView(), mp.getFlagBitmask(), mp.getColor(), mp.isReminderEnabled());
}
break;
case NOTE:
Note note = (Note) mi;
Note oldNote = null;
fldr = createPath(context, fmap, path, MailItem.Type.NOTE);
try {
for (Note listNote : mbox.getNoteList(octxt, fldr.getId())) {
if (note.getSubject().equals(listNote.getSubject())) {
oldNote = listNote;
break;
}
}
} catch (Exception e) {
}
if (oldNote != null) {
if (r == Resolve.Replace) {
mbox.delete(octxt, oldNote.getId(), oldNote.getType());
} else {
oldItem = oldNote;
if (r == Resolve.Modify) {
mbox.editNote(octxt, oldItem.getId(), new String(readArchiveEntry(ais, aie), UTF8));
}
}
break;
}
if (oldItem == null) {
newItem = mbox.createNote(octxt, new String(readArchiveEntry(ais, aie), UTF8), note.getBounds(), note.getColor(), fldr.getId());
}
break;
case SEARCHFOLDER:
SearchFolder sf = (SearchFolder) mi;
MailItem oldSF = null;
try {
oldSF = mbox.getItemByPath(octxt, path);
if (oldSF.getType() == mi.getType()) {
oldSF = null;
}
} catch (Exception e) {
}
if (oldSF != null) {
if (r == Resolve.Modify) {
mbox.modifySearchFolder(octxt, oldSF.getId(), sf.getQuery(), sf.getReturnTypes(), sf.getSortField());
} else if (r == Resolve.Replace) {
mbox.delete(octxt, oldSF.getId(), oldSF.getType());
} else {
oldItem = oldSF;
}
}
if (oldItem == null) {
fldr = createParent(context, fmap, path, MailItem.Type.UNKNOWN);
newItem = mbox.createSearchFolder(octxt, fldr.getId(), sf.getName(), sf.getQuery(), sf.getReturnTypes(), sf.getSortField(), sf.getFlagBitmask(), sf.getColor());
}
break;
case TAG:
Tag tag = (Tag) mi;
try {
Tag oldTag = mbox.getTagByName(octxt, tag.getName());
oldItem = oldTag;
} catch (Exception e) {
}
if (oldItem == null) {
newItem = mbox.createTag(octxt, tag.getName(), tag.getColor());
}
break;
case VIRTUAL_CONVERSATION:
return;
}
if (newItem != null) {
if (mi.getColor() != newItem.getColor()) {
mbox.setColor(octxt, newItem.getId(), newItem.getType(), mi.getColor());
}
if (!id.flags.equals(newItem.getFlagString()) || !id.tagsEqual(newItem)) {
mbox.setTags(octxt, newItem.getId(), newItem.getType(), Flag.toBitmask(id.flags), getTagNames(id), null);
}
} else if (oldItem != null && r == Resolve.Modify) {
if (mi.getColor() != oldItem.getColor()) {
mbox.setColor(octxt, oldItem.getId(), oldItem.getType(), mi.getColor());
}
if (!id.flags.equals(oldItem.getFlagString()) || !id.tagsEqual(oldItem)) {
mbox.setTags(octxt, oldItem.getId(), oldItem.getType(), Flag.toBitmask(id.flags), getTagNames(id), null);
}
}
} catch (MailServiceException e) {
if (e.getCode() == MailServiceException.QUOTA_EXCEEDED) {
throw e;
} else if (r != Resolve.Skip || e.getCode() != MailServiceException.ALREADY_EXISTS) {
addError(errs, e);
}
} catch (Exception e) {
String path = id.path;
// When importing items into, e.g. the Inbox, often path is just "/Inbox" which isn't that useful
if ((aie != null) && !Strings.isNullOrEmpty(aie.getName())) {
path = aie.getName();
}
addError(errs, FormatterServiceException.UNKNOWN_ERROR(path, e));
}
}
Also used :
MimeMessage(javax.mail.internet.MimeMessage)
ParsedMessage(com.zimbra.cs.mime.ParsedMessage)
Message(com.zimbra.cs.mailbox.Message)
Conversation(com.zimbra.cs.mailbox.Conversation)
Document(com.zimbra.cs.mailbox.Document)
SearchFolder(com.zimbra.cs.mailbox.SearchFolder)
Folder(com.zimbra.cs.mailbox.Folder)
SetCalendarItemData(com.zimbra.cs.mailbox.Mailbox.SetCalendarItemData)
CalendarItem(com.zimbra.cs.mailbox.CalendarItem)
ParsedContact(com.zimbra.cs.mime.ParsedContact)
Mailbox(com.zimbra.cs.mailbox.Mailbox)
MimeMessage(javax.mail.internet.MimeMessage)
Chat(com.zimbra.cs.mailbox.Chat)
MailServiceException(com.zimbra.cs.mailbox.MailServiceException)
DeliveryOptions(com.zimbra.cs.mailbox.DeliveryOptions)
Mountpoint(com.zimbra.cs.mailbox.Mountpoint)
OperationContext(com.zimbra.cs.mailbox.OperationContext)
ParsedMessage(com.zimbra.cs.mime.ParsedMessage)
SearchFolder(com.zimbra.cs.mailbox.SearchFolder)
ACL(com.zimbra.cs.mailbox.ACL)
NoSuchItemException(com.zimbra.cs.mailbox.MailServiceException.NoSuchItemException)
ExportPeriodNotSpecifiedException(com.zimbra.cs.mailbox.MailServiceException.ExportPeriodNotSpecifiedException)
ServiceException(com.zimbra.common.service.ServiceException)
IOException(java.io.IOException)
ExecutionException(java.util.concurrent.ExecutionException)
MailServiceException(com.zimbra.cs.mailbox.MailServiceException)
ExportPeriodTooLongException(com.zimbra.cs.mailbox.MailServiceException.ExportPeriodTooLongException)
UserServletException(com.zimbra.cs.service.UserServletException)
Mountpoint(com.zimbra.cs.mailbox.Mountpoint)
ParsedContact(com.zimbra.cs.mime.ParsedContact)
Contact(com.zimbra.cs.mailbox.Contact)
MailItem(com.zimbra.cs.mailbox.MailItem)
WikiItem(com.zimbra.cs.mailbox.WikiItem)
Note(com.zimbra.cs.mailbox.Note)
Tag(com.zimbra.cs.mailbox.Tag)
Invite(com.zimbra.cs.mailbox.calendar.Invite)
Example 8 with ACL
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class ProxyGroupMemberSet method getUsersWithProxyAccessToCalendar.
/**
* @param readOnly - if true, return accounts which have "read" right but not "write" access.<br />
* if false, return accounts that have at least "write" access.
*/
public static Set<Account> getUsersWithProxyAccessToCalendar(DavContext ctxt, Account acct, boolean readOnly) {
Set<Account> accts = Sets.newHashSet();
try {
Mailbox mbox = MailboxManager.getInstance().getMailboxByAccount(acct);
Folder f = mbox.getFolderById(ctxt.getOperationContext(), Mailbox.ID_FOLDER_CALENDAR);
ACL acl = f.getEffectiveACL();
if (acl == null) {
return accts;
}
for (Grant g : acl.getGrants()) {
if (g.getGranteeType() != ACL.GRANTEE_USER) {
continue;
}
boolean match = readOnly ? (g.getGrantedRights() & ACL.RIGHT_READ) != 0 && (g.getGrantedRights() & ACL.RIGHT_WRITE) == 0 : (g.getGrantedRights() & ACL.RIGHT_WRITE) != 0;
if (match) {
Account user = Provisioning.getInstance().get(AccountBy.id, g.getGranteeId());
if (user != null) {
accts.add(user);
}
}
}
} catch (ServiceException se) {
ZimbraLog.dav.warn("can't get mailbox", se);
}
return accts;
}Example 9 with ACL
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class SendShareNotification method getMatchingGrantLocal.
private MatchingGrant getMatchingGrantLocal(OperationContext octxt, MailItem item, byte granteeType, String granteeId, Account ownerAcct) throws ServiceException {
if (item instanceof Mountpoint) {
Mailbox ownerMbox = MailboxManager.getInstance().getMailboxByAccount(ownerAcct, false);
if (ownerMbox == null) {
throw ServiceException.FAILURE("mailbox not found for account " + ownerAcct.getId(), null);
}
item = ownerMbox.getItemById(octxt, ((Mountpoint) item).getRemoteId(), MailItem.Type.UNKNOWN);
}
ACL acl = item.getEffectiveACL();
if (acl == null) {
return null;
}
for (ACL.Grant grant : acl.getGrants()) {
if (grant.getGranteeType() == granteeType && grant.getGranteeId().equals(granteeId)) {
return new MatchingGrant(grant);
}
}
return null;
}
Also used :
Mailbox(com.zimbra.cs.mailbox.Mailbox)
ACL(com.zimbra.cs.mailbox.ACL)
Mountpoint(com.zimbra.cs.mailbox.Mountpoint)
Example 10 with ACL
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class FolderACL method checkRights.
/*
* merge with Folder.checkRights?
*/
private short checkRights(short rightsNeeded, Account authuser, boolean asAdmin) throws ServiceException {
if (rightsNeeded == 0)
return rightsNeeded;
// the mailbox owner can do anything they want
if (authuser == null || authuser.getId().equals(mShareTarget.getAccountId()))
return rightsNeeded;
// check admin access and login right
if (canAccessOwnerAccount(authuser, asAdmin))
return rightsNeeded;
Short granted = null;
// check the ACLs to see if access has been explicitly granted
ACL rights = getEffectiveACLFromCache();
if (rights != null)
granted = rights.getGrantedRights(authuser);
else
granted = getEffectivePermissionsFromServer();
if (granted != null)
return (short) (granted.shortValue() & rightsNeeded);
return 0;
}
Also used :
ACL(com.zimbra.cs.mailbox.ACL)
Aggregations
ACL (com.zimbra.cs.mailbox.ACL)15
Mailbox (com.zimbra.cs.mailbox.Mailbox)9
ServiceException (com.zimbra.common.service.ServiceException)6
Folder (com.zimbra.cs.mailbox.Folder)5
MailServiceException (com.zimbra.cs.mailbox.MailServiceException)5
Element (com.zimbra.common.soap.Element)4
MailItem (com.zimbra.cs.mailbox.MailItem)4
ZMailbox (com.zimbra.client.ZMailbox)3
OperationContext (com.zimbra.cs.mailbox.OperationContext)3
Account (com.zimbra.cs.account.Account)2
NamedEntry (com.zimbra.cs.account.NamedEntry)2
Ace (com.zimbra.cs.dav.property.Acl.Ace)2
Grant (com.zimbra.cs.mailbox.ACL.Grant)2
Mountpoint (com.zimbra.cs.mailbox.Mountpoint)2
ItemId (com.zimbra.cs.service.util.ItemId)2
ItemIdFormatter (com.zimbra.cs.service.util.ItemIdFormatter)2
ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)2
ArrayList (java.util.ArrayList)2
Date (java.util.Date)2
HashSet (java.util.HashSet)2
