use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class FolderACL method getEffectivePermissionsLocal.
public static Short getEffectivePermissionsLocal(OperationContext octxt, Mailbox ownerMbx, Folder folder) throws ServiceException {
// cache the effective folder ACL in memcached - independent of the authed user
ACL acl = folder.getEffectiveACL();
EffectiveACLCache.put(folder.getAccount().getId(), folder.getId(), acl);
// return the effective permission - auth user dependent
return ownerMbx.getEffectivePermissions(octxt.getAuthenticatedUser(), octxt.isUsingAdminPrivileges(), folder.getId(), MailItem.Type.FOLDER);
}
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class ArchiveFormatter method addItem.
private void addItem(UserServletContext context, Folder fldr, Map<Object, Folder> fmap, FolderDigestInfo digestInfo, Map<Integer, Integer> idMap, int[] ids, Set<MailItem.Type> types, Resolve r, ItemData id, ArchiveInputStream ais, ArchiveInputEntry aie, List<ServiceException> errs) throws ServiceException {
try {
Mailbox mbox = fldr.getMailbox();
MailItem mi = MailItem.constructItem(mbox, id.ud);
MailItem newItem = null, oldItem = null;
OperationContext octxt = context.opContext;
String path;
ParsedMessage pm;
boolean root = fldr.getId() == Mailbox.ID_FOLDER_ROOT || fldr.getId() == Mailbox.ID_FOLDER_USER_ROOT || id.path.startsWith(fldr.getPath() + '/');
if ((ids != null && Arrays.binarySearch(ids, id.ud.id) < 0) || (types != null && !types.contains(MailItem.Type.of(id.ud.type))))
return;
if (id.ud.getBlobDigest() != null && aie == null) {
addError(errs, FormatterServiceException.MISSING_BLOB(id.path));
return;
}
if (root) {
path = id.path;
} else {
path = fldr.getPath() + id.path;
}
if (path.endsWith("/") && !path.equals("/")) {
path = path.substring(0, path.length() - 1);
}
if (mbox.isImmutableSystemFolder(id.ud.folderId))
return;
switch(mi.getType()) {
case APPOINTMENT:
case TASK:
CalendarItem ci = (CalendarItem) mi;
fldr = createPath(context, fmap, path, ci.getType() == MailItem.Type.APPOINTMENT ? MailItem.Type.APPOINTMENT : MailItem.Type.TASK);
if (!root || r != Resolve.Reset) {
CalendarItem oldCI = null;
try {
oldCI = mbox.getCalendarItemByUid(octxt, ci.getUid());
} catch (Exception e) {
}
if (oldCI != null && r == Resolve.Replace) {
mbox.delete(octxt, oldCI.getId(), oldCI.getType());
} else {
oldItem = oldCI;
}
}
if (oldItem == null || r != Resolve.Skip) {
CalendarItem.AlarmData ad = ci.getAlarmData();
byte[] data = readArchiveEntry(ais, aie);
Map<Integer, MimeMessage> blobMimeMsgMap = data == null ? null : CalendarItem.decomposeBlob(data);
SetCalendarItemData defScid = new SetCalendarItemData();
SetCalendarItemData[] exceptionScids = null;
Invite[] invs = ci.getInvites();
MimeMessage mm;
if (invs != null && invs.length > 0) {
defScid.invite = invs[0];
if (blobMimeMsgMap != null && (mm = blobMimeMsgMap.get(defScid.invite.getMailItemId())) != null) {
defScid.message = new ParsedMessage(mm, mbox.attachmentsIndexingEnabled());
}
if (invs.length > 1) {
exceptionScids = new SetCalendarItemData[invs.length - 1];
for (int i = 1; i < invs.length; i++) {
SetCalendarItemData scid = new SetCalendarItemData();
scid.invite = invs[i];
if (blobMimeMsgMap != null && (mm = blobMimeMsgMap.get(defScid.invite.getMailItemId())) != null) {
scid.message = new ParsedMessage(mm, mbox.attachmentsIndexingEnabled());
}
exceptionScids[i - 1] = scid;
}
}
newItem = mbox.setCalendarItem(octxt, oldItem != null && r == Resolve.Modify ? oldItem.getFolderId() : fldr.getId(), ci.getFlagBitmask(), ci.getTags(), defScid, exceptionScids, ci.getAllReplies(), ad == null ? CalendarItem.NEXT_ALARM_KEEP_CURRENT : ad.getNextAt());
}
}
break;
case CHAT:
Chat chat = (Chat) mi;
byte[] content = readArchiveEntry(ais, aie);
pm = new ParsedMessage(content, mi.getDate(), mbox.attachmentsIndexingEnabled());
fldr = createPath(context, fmap, path, MailItem.Type.CHAT);
if (root && r != Resolve.Reset) {
Chat oldChat = null;
try {
oldChat = mbox.getChatById(octxt, chat.getId());
if (oldChat.getFolderId() != fldr.getId()) {
oldChat = null;
}
} catch (Exception e) {
}
if (oldChat != null && chat.getSender().equals(oldChat.getSender()) && chat.getSubject().equals(oldChat.getSubject())) {
if (r == Resolve.Replace) {
mbox.delete(octxt, oldChat.getId(), oldChat.getType());
} else {
oldItem = oldChat;
if (r == Resolve.Modify)
newItem = mbox.updateChat(octxt, pm, oldItem.getId());
}
}
}
if (oldItem == null)
newItem = mbox.createChat(octxt, pm, fldr.getId(), chat.getFlagBitmask(), chat.getTags());
break;
case CONVERSATION:
Conversation cv = (Conversation) mi;
if (r != Resolve.Reset && r != Resolve.Skip) {
try {
oldItem = mbox.getConversationByHash(octxt, Mailbox.getHash(cv.getSubject()));
} catch (Exception e) {
}
}
break;
case CONTACT:
Contact ct = (Contact) mi;
fldr = createPath(context, fmap, path, Folder.Type.CONTACT);
if (root && r != Resolve.Reset) {
Contact oldContact = null;
oldContact = findContact(octxt, mbox, ct, fldr);
if (oldContact != null) {
String email = string(ct.get(ContactConstants.A_email));
String first = string(ct.get(ContactConstants.A_firstName));
String name = string(ct.get(ContactConstants.A_fullName));
String oldemail = string(oldContact.get(ContactConstants.A_email));
String oldfirst = string(oldContact.get(ContactConstants.A_firstName));
String oldname = string(oldContact.get(ContactConstants.A_fullName));
if (email.equals(oldemail) && first.equals(oldfirst) && name.equals(oldname)) {
if (r == Resolve.Replace) {
mbox.delete(octxt, oldContact.getId(), oldContact.getType());
} else {
oldItem = oldContact;
if (r == Resolve.Modify) {
mbox.modifyContact(octxt, oldItem.getId(), new ParsedContact(ct.getFields(), readArchiveEntry(ais, aie)));
}
}
}
}
}
if (oldItem == null) {
newItem = mbox.createContact(octxt, new ParsedContact(ct.getFields(), readArchiveEntry(ais, aie)), fldr.getId(), ct.getTags());
}
break;
case DOCUMENT:
case WIKI:
Document doc = (Document) mi;
Document oldDoc = null;
Integer oldId = idMap.get(mi.getId());
fldr = createParent(context, fmap, path, doc.getType() == MailItem.Type.DOCUMENT ? MailItem.Type.DOCUMENT : MailItem.Type.WIKI);
if (oldId == null) {
try {
for (Document listDoc : mbox.getDocumentList(octxt, fldr.getId())) {
if (doc.getName().equals(listDoc.getName())) {
oldDoc = listDoc;
idMap.put(doc.getId(), oldDoc.getId());
break;
}
}
} catch (Exception e) {
}
} else {
oldDoc = mbox.getDocumentById(octxt, oldId);
}
if (oldDoc != null) {
if (r == Resolve.Replace && oldId == null) {
mbox.delete(octxt, oldDoc.getId(), oldDoc.getType());
} else if (doc.getVersion() < oldDoc.getVersion()) {
return;
} else {
oldItem = oldDoc;
if (doc.getVersion() > oldDoc.getVersion()) {
newItem = mbox.addDocumentRevision(octxt, oldDoc.getId(), doc.getCreator(), doc.getName(), doc.getDescription(), doc.isDescriptionEnabled(), ais.getInputStream());
}
if (r != Resolve.Skip) {
mbox.setDate(octxt, oldDoc.getId(), doc.getType(), doc.getDate());
}
}
}
if (oldItem == null) {
if (mi.getType() == MailItem.Type.DOCUMENT) {
newItem = mbox.createDocument(octxt, fldr.getId(), doc.getName(), doc.getContentType(), doc.getCreator(), doc.getDescription(), ais.getInputStream());
} else {
WikiItem wi = (WikiItem) mi;
newItem = mbox.createWiki(octxt, fldr.getId(), wi.getWikiWord(), wi.getCreator(), wi.getDescription(), ais.getInputStream());
}
mbox.setDate(octxt, newItem.getId(), doc.getType(), doc.getDate());
idMap.put(doc.getId(), newItem.getId());
}
break;
case FLAG:
return;
case FOLDER:
String aclParam = context.params.get("acl");
boolean doACL = aclParam == null || !aclParam.equals("0");
Folder f = (Folder) mi;
ACL acl = f.getACL();
Folder oldF = null;
MailItem.Type view = f.getDefaultView();
if (view == MailItem.Type.CONVERSATION || view == MailItem.Type.FLAG || view == MailItem.Type.TAG)
break;
try {
oldF = mbox.getFolderByPath(octxt, path);
} catch (Exception e) {
}
if (oldF != null) {
oldItem = oldF;
if (r != Resolve.Skip) {
if (!f.getUrl().equals(oldF.getUrl())) {
mbox.setFolderUrl(octxt, oldF.getId(), f.getUrl());
}
if (doACL) {
ACL oldACL = oldF.getACL();
if ((acl == null && oldACL != null) || (acl != null && (oldACL == null || !acl.equals(oldACL)))) {
mbox.setPermissions(octxt, oldF.getId(), acl);
}
}
}
}
if (oldItem == null) {
fldr = createParent(context, fmap, path, Folder.Type.UNKNOWN);
Folder.FolderOptions fopt = new Folder.FolderOptions();
fopt.setDefaultView(f.getDefaultView()).setFlags(f.getFlagBitmask()).setColor(f.getColor()).setUrl(f.getUrl());
newItem = fldr = mbox.createFolder(octxt, f.getName(), fldr.getId(), fopt);
if (doACL && acl != null) {
mbox.setPermissions(octxt, fldr.getId(), acl);
}
fmap.put(fldr.getId(), fldr);
fmap.put(fldr.getPath(), fldr);
}
break;
case MESSAGE:
Message msg = (Message) mi;
Message oldMsg = null;
fldr = createPath(context, fmap, path, Folder.Type.MESSAGE);
if (root && r != Resolve.Reset) {
try {
oldMsg = mbox.getMessageById(octxt, msg.getId());
if (!msg.getDigest().equals(oldMsg.getDigest()) || oldMsg.getFolderId() != fldr.getId()) {
oldMsg = null;
}
} catch (Exception e) {
}
}
if (oldMsg == null) {
Integer digestId = digestInfo.getIdForDigest(fldr, mi.getDigest());
if (digestId != null) {
oldMsg = mbox.getMessageById(octxt, digestId);
if (!msg.getDigest().equals(oldMsg.getDigest())) {
oldMsg = null;
}
}
}
if (oldMsg != null) {
if (r == Resolve.Replace) {
ZimbraLog.misc.debug("Deleting old msg with id=%s as has same digest='%s'", oldMsg.getId(), mi.getDigest());
mbox.delete(octxt, oldMsg.getId(), oldMsg.getType());
} else {
oldItem = oldMsg;
}
}
if (oldItem != null) {
ZimbraLog.misc.debug("Message with id=%s has same digest='%s' - not re-adding", oldItem.getId(), mi.getDigest());
} else {
DeliveryOptions opt = new DeliveryOptions().setFolderId(fldr.getId()).setNoICal(true).setFlags(msg.getFlagBitmask()).setTags(msg.getTags());
newItem = mbox.addMessage(octxt, ais.getInputStream(), (int) aie.getSize(), msg.getDate(), opt, null, id);
}
break;
case MOUNTPOINT:
Mountpoint mp = (Mountpoint) mi;
MailItem oldMP = null;
try {
oldMP = mbox.getItemByPath(octxt, path);
if (oldMP.getType() == mi.getType()) {
oldMP = null;
}
} catch (Exception e) {
}
if (oldMP != null) {
if (r == Resolve.Modify || r == Resolve.Replace) {
mbox.delete(octxt, oldMP.getId(), oldMP.getType());
} else {
oldItem = oldMP;
}
}
if (oldItem == null) {
fldr = createParent(context, fmap, path, Folder.Type.UNKNOWN);
newItem = mbox.createMountpoint(context.opContext, fldr.getId(), mp.getName(), mp.getOwnerId(), mp.getRemoteId(), mp.getRemoteUuid(), mp.getDefaultView(), mp.getFlagBitmask(), mp.getColor(), mp.isReminderEnabled());
}
break;
case NOTE:
Note note = (Note) mi;
Note oldNote = null;
fldr = createPath(context, fmap, path, MailItem.Type.NOTE);
try {
for (Note listNote : mbox.getNoteList(octxt, fldr.getId())) {
if (note.getSubject().equals(listNote.getSubject())) {
oldNote = listNote;
break;
}
}
} catch (Exception e) {
}
if (oldNote != null) {
if (r == Resolve.Replace) {
mbox.delete(octxt, oldNote.getId(), oldNote.getType());
} else {
oldItem = oldNote;
if (r == Resolve.Modify) {
mbox.editNote(octxt, oldItem.getId(), new String(readArchiveEntry(ais, aie), UTF8));
}
}
break;
}
if (oldItem == null) {
newItem = mbox.createNote(octxt, new String(readArchiveEntry(ais, aie), UTF8), note.getBounds(), note.getColor(), fldr.getId());
}
break;
case SEARCHFOLDER:
SearchFolder sf = (SearchFolder) mi;
MailItem oldSF = null;
try {
oldSF = mbox.getItemByPath(octxt, path);
if (oldSF.getType() == mi.getType()) {
oldSF = null;
}
} catch (Exception e) {
}
if (oldSF != null) {
if (r == Resolve.Modify) {
mbox.modifySearchFolder(octxt, oldSF.getId(), sf.getQuery(), sf.getReturnTypes(), sf.getSortField());
} else if (r == Resolve.Replace) {
mbox.delete(octxt, oldSF.getId(), oldSF.getType());
} else {
oldItem = oldSF;
}
}
if (oldItem == null) {
fldr = createParent(context, fmap, path, MailItem.Type.UNKNOWN);
newItem = mbox.createSearchFolder(octxt, fldr.getId(), sf.getName(), sf.getQuery(), sf.getReturnTypes(), sf.getSortField(), sf.getFlagBitmask(), sf.getColor());
}
break;
case TAG:
Tag tag = (Tag) mi;
try {
Tag oldTag = mbox.getTagByName(octxt, tag.getName());
oldItem = oldTag;
} catch (Exception e) {
}
if (oldItem == null) {
newItem = mbox.createTag(octxt, tag.getName(), tag.getColor());
}
break;
case VIRTUAL_CONVERSATION:
return;
}
if (newItem != null) {
if (mi.getColor() != newItem.getColor()) {
mbox.setColor(octxt, newItem.getId(), newItem.getType(), mi.getColor());
}
if (!id.flags.equals(newItem.getFlagString()) || !id.tagsEqual(newItem)) {
mbox.setTags(octxt, newItem.getId(), newItem.getType(), Flag.toBitmask(id.flags), getTagNames(id), null);
}
} else if (oldItem != null && r == Resolve.Modify) {
if (mi.getColor() != oldItem.getColor()) {
mbox.setColor(octxt, oldItem.getId(), oldItem.getType(), mi.getColor());
}
if (!id.flags.equals(oldItem.getFlagString()) || !id.tagsEqual(oldItem)) {
mbox.setTags(octxt, oldItem.getId(), oldItem.getType(), Flag.toBitmask(id.flags), getTagNames(id), null);
}
}
} catch (MailServiceException e) {
if (e.getCode() == MailServiceException.QUOTA_EXCEEDED) {
throw e;
} else if (r != Resolve.Skip || e.getCode() != MailServiceException.ALREADY_EXISTS) {
addError(errs, e);
}
} catch (Exception e) {
String path = id.path;
// When importing items into, e.g. the Inbox, often path is just "/Inbox" which isn't that useful
if ((aie != null) && !Strings.isNullOrEmpty(aie.getName())) {
path = aie.getName();
}
addError(errs, FormatterServiceException.UNKNOWN_ERROR(path, e));
}
}
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class ProxyGroupMemberSet method getUsersWithProxyAccessToCalendar.
/**
* @param readOnly - if true, return accounts which have "read" right but not "write" access.<br />
* if false, return accounts that have at least "write" access.
*/
public static Set<Account> getUsersWithProxyAccessToCalendar(DavContext ctxt, Account acct, boolean readOnly) {
Set<Account> accts = Sets.newHashSet();
try {
Mailbox mbox = MailboxManager.getInstance().getMailboxByAccount(acct);
Folder f = mbox.getFolderById(ctxt.getOperationContext(), Mailbox.ID_FOLDER_CALENDAR);
ACL acl = f.getEffectiveACL();
if (acl == null) {
return accts;
}
for (Grant g : acl.getGrants()) {
if (g.getGranteeType() != ACL.GRANTEE_USER) {
continue;
}
boolean match = readOnly ? (g.getGrantedRights() & ACL.RIGHT_READ) != 0 && (g.getGrantedRights() & ACL.RIGHT_WRITE) == 0 : (g.getGrantedRights() & ACL.RIGHT_WRITE) != 0;
if (match) {
Account user = Provisioning.getInstance().get(AccountBy.id, g.getGranteeId());
if (user != null) {
accts.add(user);
}
}
}
} catch (ServiceException se) {
ZimbraLog.dav.warn("can't get mailbox", se);
}
return accts;
}
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class SendShareNotification method getMatchingGrantLocal.
private MatchingGrant getMatchingGrantLocal(OperationContext octxt, MailItem item, byte granteeType, String granteeId, Account ownerAcct) throws ServiceException {
if (item instanceof Mountpoint) {
Mailbox ownerMbox = MailboxManager.getInstance().getMailboxByAccount(ownerAcct, false);
if (ownerMbox == null) {
throw ServiceException.FAILURE("mailbox not found for account " + ownerAcct.getId(), null);
}
item = ownerMbox.getItemById(octxt, ((Mountpoint) item).getRemoteId(), MailItem.Type.UNKNOWN);
}
ACL acl = item.getEffectiveACL();
if (acl == null) {
return null;
}
for (ACL.Grant grant : acl.getGrants()) {
if (grant.getGranteeType() == granteeType && grant.getGranteeId().equals(granteeId)) {
return new MatchingGrant(grant);
}
}
return null;
}
use of com.zimbra.cs.mailbox.ACL in project zm-mailbox by Zimbra.
the class FolderACL method checkRights.
/*
* merge with Folder.checkRights?
*/
private short checkRights(short rightsNeeded, Account authuser, boolean asAdmin) throws ServiceException {
if (rightsNeeded == 0)
return rightsNeeded;
// the mailbox owner can do anything they want
if (authuser == null || authuser.getId().equals(mShareTarget.getAccountId()))
return rightsNeeded;
// check admin access and login right
if (canAccessOwnerAccount(authuser, asAdmin))
return rightsNeeded;
Short granted = null;
// check the ACLs to see if access has been explicitly granted
ACL rights = getEffectiveACLFromCache();
if (rights != null)
granted = rights.getGrantedRights(authuser);
else
granted = getEffectivePermissionsFromServer();
if (granted != null)
return (short) (granted.shortValue() & rightsNeeded);
return 0;
}
Aggregations