Examples with AdminSession com.zimbra.cs.session.AdminSession used on opensource projects

Example 1 with AdminSession

use of com.zimbra.cs.session.AdminSession in project zm-mailbox by Zimbra.

the class GetMailboxStats method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Server localServer = Provisioning.getInstance().getLocalServer();
    checkRight(zsc, context, localServer, Admin.R_getMailboxStats);
    MailboxStats stats = null;
    AdminSession session = (AdminSession) getSession(zsc, Session.Type.ADMIN);
    if (session != null) {
        MailboxStats cachedStats = (MailboxStats) session.getData(GET_MAILBOX_STATS_CACHE_KEY);
        if (cachedStats == null) {
            stats = doStats();
            session.setData(GET_MAILBOX_STATS_CACHE_KEY, stats);
        } else {
            stats = cachedStats;
        }
    } else {
        stats = doStats();
    }
    Element response = zsc.createElement(AdminConstants.GET_MAILBOX_STATS_RESPONSE);
    Element statsElem = response.addElement(AdminConstants.E_STATS);
    statsElem.addAttribute(AdminConstants.A_NUM_MBOXES, stats.mNumMboxes);
    statsElem.addAttribute(AdminConstants.A_TOTAL_SIZE, stats.mTotalSize);
    return response;
}

Example 2 with AdminSession

use of com.zimbra.cs.session.AdminSession in project zm-mailbox by Zimbra.

the class DocumentHandler method getSession.

/** Fetches a {@link Session} object to persist and manage state between
     *  SOAP requests.  If no appropriate session already exists, a new one
     *  is created if possible.
     *
     * @param zsc The encapsulation of the SOAP request's <tt>&lt;context</tt>
     *            element.
     * @param stype  The type of session needed.
     * @return An in-memory {@link Session} object of the specified type,
     *         referenced by the request's {@link ZimbraSoapContext} object,
     *         or <tt>null</tt>.
     * @see SessionCache#SESSION_SOAP
     * @see SessionCache#SESSION_ADMIN */
protected Session getSession(ZimbraSoapContext zsc, Session.Type stype) {
    if (zsc == null || stype == null || !zsc.isNotificationEnabled()) {
        return null;
    }
    String authAccountId = zsc.getAuthtokenAccountId();
    if (authAccountId == null) {
        return null;
    }
    // if they asked for a SOAP session on a remote host and it's a non-proxied request, we don't notify
    boolean isLocal = zsc.isAuthUserOnLocalhost();
    if (stype == Session.Type.SOAP && !isLocal && !zsc.isSessionProxied()) {
        return null;
    }
    Session s = null;
    // if the caller referenced a session of this type, fetch it from the session cache
    SessionInfo sinfo = zsc.getSessionInfo();
    if (sinfo != null) {
        s = SessionCache.lookup(sinfo.sessionId, authAccountId);
        if (s == null) {
            // purge dangling references from the context's list of referenced sessions
            ZimbraLog.session.info("requested session no longer exists: " + sinfo.sessionId);
            zsc.clearSessionInfo();
        } else if (s.getSessionType() != stype) {
            // only want a session of the appropriate type
            s = null;
        }
    }
    // if there's no valid referenced session, create a new session of the requested type
    if (s == null) {
        try {
            if (stype == Session.Type.SOAP) {
                s = SoapSessionFactory.getInstance().getSoapSession(zsc).register();
            } else if (stype == Session.Type.ADMIN) {
                s = new AdminSession(authAccountId).register();
            }
        } catch (ServiceException e) {
            ZimbraLog.session.info("exception while creating session", e);
        }
        if (s != null) {
            zsc.recordNewSession(s.getSessionId());
        }
    }
    //   (note that if the requested account is remote, getDelegateSession returns null)
    if (s instanceof SoapSession && zsc.isDelegatedRequest()) {
        Session delegate = ((SoapSession) s).getDelegateSession(zsc.getRequestedAccountId());
        if (delegate != null) {
            s = delegate;
        }
    }
    return s;
}

Example 3 with AdminSession

use of com.zimbra.cs.session.AdminSession in project zm-mailbox by Zimbra.

the class SearchAutoProvDirectory method handle.

public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();
    String query = request.getAttribute(AdminConstants.E_QUERY, null);
    String name = request.getAttribute(AdminConstants.E_NAME, null);
    if ((query != null) && (name != null)) {
        throw ServiceException.INVALID_REQUEST("only one of filter or name can be provided", null);
    }
    int maxResults = (int) request.getAttributeLong(AdminConstants.A_MAX_RESULTS, SearchDirectory.MAX_SEARCH_RESULTS);
    int limit = (int) request.getAttributeLong(AdminConstants.A_LIMIT, Integer.MAX_VALUE);
    if (limit == 0) {
        limit = Integer.MAX_VALUE;
    }
    int offset = (int) request.getAttributeLong(AdminConstants.A_OFFSET, 0);
    boolean refresh = request.getAttributeBool(AdminConstants.A_REFRESH, false);
    String keyAttr = request.getAttribute(AdminConstants.A_KEYATTR);
    String attrsStr = request.getAttribute(AdminConstants.A_ATTRS, null);
    String[] returnAttrs = null;
    if (attrsStr != null) {
        Set<String> attrs = new HashSet<String>();
        for (String attr : Splitter.on(',').trimResults().split(attrsStr)) {
            attrs.add(attr);
        }
        if (!attrs.contains(keyAttr)) {
            attrs.add(keyAttr);
        }
        returnAttrs = attrs.toArray(new String[attrs.size()]);
    }
    Element eDomain = request.getElement(AdminConstants.E_DOMAIN);
    DomainBy domainBy = DomainBy.fromString(eDomain.getAttribute(AdminConstants.A_BY));
    String domainValue = eDomain.getText();
    Domain domain = prov.get(domainBy, domainValue);
    if (domain == null) {
        throw AccountServiceException.NO_SUCH_DOMAIN(domainValue);
    }
    checkRight(zsc, context, domain, Admin.R_autoProvisionAccount);
    AdminSession session = (AdminSession) getSession(zsc, Session.Type.ADMIN);
    List<Entry> entryList = null;
    if (session != null) {
        Cache.Params params = new Cache.Params(domain, query, name, keyAttr, returnAttrs, maxResults);
        if (!refresh) {
            entryList = Cache.getFromCache(session, params);
        }
        if (entryList == null) {
            entryList = search(domain, query, name, keyAttr, returnAttrs, maxResults);
            Cache.putInCache(session, params, entryList);
        }
    } else {
        entryList = search(domain, query, name, keyAttr, returnAttrs, maxResults);
    }
    Element response = zsc.createElement(AdminConstants.SEARCH_AUTO_PROV_DIRECTORY_RESPONSE);
    encodeEntries(response, entryList, keyAttr, offset, limit);
    return response;
}

Example 4 with AdminSession

use of com.zimbra.cs.session.AdminSession in project zm-mailbox by Zimbra.

the class SearchCalendarResources method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();
    int limit = (int) request.getAttributeLong(AdminConstants.A_LIMIT, Integer.MAX_VALUE);
    if (limit == 0)
        limit = Integer.MAX_VALUE;
    int offset = (int) request.getAttributeLong(AdminConstants.A_OFFSET, 0);
    String domain = request.getAttribute(AdminConstants.A_DOMAIN, null);
    boolean applyCos = request.getAttributeBool(AdminConstants.A_APPLY_COS, true);
    String sortBy = request.getAttribute(AdminConstants.A_SORT_BY, null);
    boolean sortAscending = request.getAttributeBool(AdminConstants.A_SORT_ASCENDING, true);
    String attrsStr = request.getAttribute(AdminConstants.A_ATTRS, null);
    String[] attrs = attrsStr == null ? null : attrsStr.split(",");
    EntrySearchFilter filter = GalExtraSearchFilter.parseSearchFilter(request);
    // Note: isDomainAdminOnly *always* returns false for pure ACL based AccessManager
    if (isDomainAdminOnly(zsc)) {
        if (domain == null) {
            domain = getAuthTokenAccountDomain(zsc).getName();
        } else {
            checkDomainRight(zsc, domain, AdminRight.PR_ALWAYS_ALLOW);
        }
    }
    Domain d = null;
    if (domain != null) {
        d = prov.get(Key.DomainBy.name, domain);
        if (d == null)
            throw AccountServiceException.NO_SUCH_DOMAIN(domain);
    }
    AdminAccessControl aac = AdminAccessControl.getAdminAccessControl(zsc);
    AdminAccessControl.SearchDirectoryRightChecker rightChecker = new AdminAccessControl.SearchDirectoryRightChecker(aac, prov, null);
    // filter is not RFC 2254 escaped
    // query is RFC 2254 escaped
    String query = LdapEntrySearchFilter.toLdapCalendarResourcesFilter(filter);
    SearchDirectoryOptions options = new SearchDirectoryOptions();
    options.setDomain(d);
    options.setTypes(SearchDirectoryOptions.ObjectType.resources);
    options.setFilterString(FilterId.ADMIN_SEARCH, query);
    options.setReturnAttrs(attrs);
    options.setSortOpt(sortAscending ? SortOpt.SORT_ASCENDING : SortOpt.SORT_DESCENDING);
    options.setSortAttr(sortBy);
    options.setConvertIDNToAscii(true);
    List<NamedEntry> resources;
    int limitMax = offset + limit;
    AdminSession session = (AdminSession) getSession(zsc, Session.Type.ADMIN);
    if (session != null) {
        resources = session.searchDirectory(options, offset, rightChecker);
    } else {
        resources = prov.searchDirectory(options);
        resources = rightChecker.getAllowed(resources, limitMax);
    }
    Element response = zsc.createElement(AdminConstants.SEARCH_CALENDAR_RESOURCES_RESPONSE);
    int numEntries;
    for (numEntries = offset; numEntries < limitMax && numEntries < resources.size(); numEntries++) {
        NamedEntry entry = resources.get(numEntries);
        ToXML.encodeCalendarResource(response, (CalendarResource) entry, applyCos, null, aac.getAttrRightChecker(entry));
    }
    response.addAttribute(AdminConstants.A_MORE, numEntries < resources.size());
    response.addAttribute(AdminConstants.A_SEARCH_TOTAL, resources.size());
    return response;
}

Example 5 with AdminSession

use of com.zimbra.cs.session.AdminSession in project zm-mailbox by Zimbra.

the class ModifyAccount method handle.

@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();
    ModifyAccountRequest req = JaxbUtil.elementToJaxb(request);
    AuthToken authToken = zsc.getAuthToken();
    String id = req.getId();
    if (null == id) {
        throw ServiceException.INVALID_REQUEST("missing required attribute: " + AdminConstants.E_ID, null);
    }
    Account account = prov.get(AccountBy.id, id, authToken);
    Map<String, Object> attrs = req.getAttrsAsOldMultimap();
    defendAgainstAccountHarvesting(account, AccountBy.id, id, zsc, attrs);
    // check to see if quota is being changed
    long curQuota = account.getLongAttr(Provisioning.A_zimbraMailQuota, 0);
    /*
         * // Note: isDomainAdminOnly *always* returns false for pure ACL based AccessManager // checkQuota is called
         * only for domain based access manager, remove when we // can totally deprecate domain based access manager if
         * (isDomainAdminOnly(zsc)) checkQuota(zsc, account, attrs);
         */
    /*
         * for bug 42896, the above is no longer true.
         * 
         * For quota, we have to support the per admin limitation zimbraDomainAdminMaxMailQuota, until we come up with a
         * framework to support constraints on a per admin basis.
         * 
         * for now, always call checkQuota, which will check zimbraDomainAdminMaxMailQuota.
         * 
         * If the access manager, and if we have come here, it has already passed the constraint checking, in the
         * checkAccountRight call. If it had violated any constraint, it would have errored out. i.e. for
         * zimbraMailQuota, both zimbraConstraint and zimbraDomainAdminMaxMailQuota are enforced.
         */
    checkQuota(zsc, account, attrs);
    // check to see if cos is being changed, need right on new cos
    checkCos(zsc, account, attrs);
    Server newServer = null;
    String newServerName = getStringAttrNewValue(Provisioning.A_zimbraMailHost, attrs);
    if (newServerName != null) {
        newServer = Provisioning.getInstance().getServerByName(newServerName);
        defendAgainstServerNameHarvesting(newServer, Key.ServerBy.name, newServerName, zsc, Admin.R_listServer);
    }
    // pass in true to checkImmutable
    prov.modifyAttrs(account, attrs, true);
    // get account again, in the case when zimbraCOSId or zimbraForeignPrincipal
    // is changed, the cache object(he one we are holding on to) would'd been
    // flushed out from cache. Get the account again to get the fresh one.
    account = prov.get(AccountBy.id, id, zsc.getAuthToken());
    ZimbraLog.security.info(ZimbraLog.encodeAttrs(new String[] { "cmd", "ModifyAccount", "name", account.getName() }, attrs));
    if (newServer != null) {
        checkNewServer(zsc, context, account, newServer);
    }
    long newQuota = account.getLongAttr(Provisioning.A_zimbraMailQuota, 0);
    if (newQuota != curQuota) {
        // clear the quota cache
        AdminSession session = (AdminSession) getSession(zsc, Session.Type.ADMIN);
        if (session != null) {
            GetQuotaUsage.clearCachedQuotaUsage(session);
        }
    }
    Element response = zsc.createElement(AdminConstants.MODIFY_ACCOUNT_RESPONSE);
    ToXML.encodeAccount(response, account);
    return response;
}