
Example 1 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGetGrants.

/**
 * Prints, as a fixed-width table, the grants returned by {@code prov.getGrants} for an
 * optional target and an optional grantee.
 *
 * <p>Recognised options: {@code -t} passes the parser to {@code getRightArgsTarget};
 * {@code -g} passes it to {@code getRightArgsGrantee} and, if another argument follows,
 * consumes it as the include-group flag, which must be {@code 1} or {@code 0}
 * (default: {@code true}).
 *
 * <p>NOTE(review): any other argument is skipped without an error, so a mistyped option
 * leaves the corresponding target/grantee selector {@code null}. How {@code prov.getGrants}
 * treats a {@code null} selector is not visible here; confirm before relying on this
 * output for an access review.
 *
 * @param args raw command arguments, parsed through {@code RightArgs}
 * @throws ServiceException if the include-group flag is neither {@code 0} nor {@code 1};
 *         presumably also propagated from the helper and provisioning calls
 * @throws ArgException declared by the method; presumably raised by the argument helpers
 */
private void doGetGrants(String[] args) throws ServiceException, ArgException {
    final RightArgs ra = new RightArgs(args);
    boolean includeGranteeGroups = true;

    while (ra.hasNext()) {
        final String option = ra.getNextArg();
        if ("-t".equals(option)) {
            getRightArgsTarget(ra);
            continue;
        }
        if (!"-g".equals(option)) {
            // Unrecognised arguments are ignored, not rejected.
            continue;
        }
        getRightArgsGrantee(ra, true, false);
        if (!ra.hasNext()) {
            continue;
        }
        // Whatever follows the grantee is always consumed as the include-group flag.
        final String flag = ra.getNextArg();
        final boolean flagOn = "1".equals(flag);
        if (!flagOn && !"0".equals(flag)) {
            throw ServiceException.INVALID_REQUEST("invalid value for the include group flag, must be 0 or 1", null);
        }
        includeGranteeGroups = flagOn;
    }

    TargetBy targetBy = null;
    if (ra.mTargetIdOrName != null) {
        targetBy = guessTargetBy(ra.mTargetIdOrName);
    }
    GranteeBy granteeBy = null;
    if (ra.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(ra.mGranteeIdOrName);
    }

    final RightCommand.Grants grants = prov.getGrants(
            ra.mTargetType, targetBy, ra.mTargetIdOrName,
            ra.mGranteeType, granteeBy, ra.mGranteeIdOrName,
            includeGranteeGroups);

    // Each column is padded AND truncated to its width (e.g. %-30.30s), so two names that
    // share their first 30 characters print identically; the 36-character id columns are
    // the ones to compare when telling entries apart.
    final String rowFormat = "%-12.12s %-36.36s %-30.30s %-12.12s %-36.36s %-30.30s %s\n";
    console.printf(rowFormat,
            "target type", "target id", "target name",
            "grantee type", "grantee id", "grantee name", "right");
    console.printf(rowFormat,
            "------------", "------------------------------------", "------------------------------",
            "------------", "------------------------------------", "------------------------------",
            "--------------------");

    for (RightCommand.ACE entry : grants.getACEs()) {
        final RightModifier modifier = entry.rightModifier();
        String modifierPrefix = "";
        if (modifier != null) {
            modifierPrefix = String.valueOf(modifier.getModifier());
        }
        console.printf(rowFormat,
                entry.targetType(), entry.targetId(), entry.targetName(),
                entry.granteeType(), entry.granteeId(), entry.granteeName(),
                modifierPrefix + entry.right());
    }
    console.println();
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) RightModifier(com.zimbra.cs.account.accesscontrol.RightModifier) TargetBy(com.zimbra.soap.type.TargetBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Example 2 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class ProvUtil method doCheckRight.

/**
 * Asks {@code prov.checkRight} whether a grantee holds a right on a target and prints
 * {@code ALLOWED} or {@code DENIED}, followed by the grant the decision came through
 * when {@code via.available()} reports one.
 *
 * @param args raw command arguments; the leading ones are consumed by {@code getRightArgs},
 *        the remainder (from {@code ra.mCurPos}) is turned into an attribute map by {@code getMap}
 * @throws ServiceException declared; presumably propagated from the helper and provisioning calls
 * @throws ArgException declared; presumably raised by the argument helpers
 */
private void doCheckRight(String[] args) throws ServiceException, ArgException {
    final RightArgs ra = new RightArgs(args);
    // TODO (carried over from the original): "handle secret" - not handled here.
    getRightArgs(ra, false, false);
    final Map<String, Object> attrs = getMap(args, ra.mCurPos);

    TargetBy targetBy = null;
    if (ra.mTargetIdOrName != null) {
        targetBy = guessTargetBy(ra.mTargetIdOrName);
    }
    // NOTE(review): unlike the target above, the grantee is passed to guessGranteeBy
    // without a null guard; presumably getRightArgs always sets it - confirm.
    final GranteeBy granteeBy = guessGranteeBy(ra.mGranteeIdOrName);

    final AccessManager.ViaGrant via = new AccessManager.ViaGrant();
    final boolean allow = prov.checkRight(
            ra.mTargetType, targetBy, ra.mTargetIdOrName,
            granteeBy, ra.mGranteeIdOrName,
            ra.mRight, attrs, via);

    if (allow) {
        console.println("ALLOWED");
    } else {
        console.println("DENIED");
    }

    if (!via.available()) {
        return;
    }

    // Show which grant produced the decision; a negative grant is labelled DENY.
    console.println("Via:");
    console.println("    target type  : " + via.getTargetType());
    console.println("    target       : " + via.getTargetName());
    console.println("    grantee type : " + via.getGranteeType());
    console.println("    grantee      : " + via.getGranteeName());
    final String denyLabel = via.isNegativeGrant() ? "DENY " : "";
    console.println("    right        : " + denyLabel + via.getRight());
    console.println();
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy)

Example 3 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGetAllEffectiveRights.

/**
 * Prints every effective right of a grantee, grouped by target type, using
 * {@code prov.getAllEffectiveRights}.
 *
 * <p>With an {@code LdapProv} provisioning object the grantee arguments are always parsed;
 * otherwise they are parsed only when arguments remain. Any arguments left after that must
 * be {@code expandSetAttrs} or {@code expandGetAttrs}.
 *
 * <p>NOTE(review): when no grantee is parsed, {@code null} is passed as the grantee
 * selector and name; which identity the provisioning layer then reports on is not visible
 * here - confirm.
 *
 * @param args raw command arguments
 * @throws ServiceException declared; presumably propagated from the helper and provisioning calls
 * @throws ArgException if a trailing argument is neither {@code expandSetAttrs} nor
 *         {@code expandGetAttrs}
 */
private void doGetAllEffectiveRights(String[] args) throws ServiceException, ArgException {
    final RightArgs ra = new RightArgs(args);

    // Grantee info is mandatory with LdapProv; otherwise it is read only if args remain.
    if (prov instanceof LdapProv || ra.mCurPos < args.length) {
        getRightArgsGrantee(ra, true, false);
    }

    boolean expandSetAttrs = false;
    boolean expandGetAttrs = false;
    // Everything after the grantee has to be one of the two expand switches.
    for (int pos = ra.mCurPos; pos < args.length; pos++) {
        final String extra = args[pos];
        final boolean wantsSet = "expandSetAttrs".equals(extra);
        final boolean wantsGet = "expandGetAttrs".equals(extra);
        if (!wantsSet && !wantsGet) {
            throw new ArgException("unrecognized arg: " + args[pos]);
        }
        expandSetAttrs = expandSetAttrs || wantsSet;
        expandGetAttrs = expandGetAttrs || wantsGet;
    }

    GranteeBy granteeBy = null;
    if (ra.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(ra.mGranteeIdOrName);
    }

    final RightCommand.AllEffectiveRights allEffRights = prov.getAllEffectiveRights(
            ra.mGranteeType, granteeBy, ra.mGranteeIdOrName, expandSetAttrs, expandGetAttrs);

    final String heading = allEffRights.granteeType() + " " + allEffRights.granteeName()
            + "(" + allEffRights.granteeId() + ")" + " has the following rights:";
    console.println(heading);

    for (Map.Entry<TargetType, RightCommand.RightsByTargetType> entry
            : allEffRights.rightsByTargetType().entrySet()) {
        final RightCommand.RightsByTargetType rights = entry.getValue();
        if (rights.hasNoRight()) {
            // Target types that carry no right are left out of the listing.
            continue;
        }
        dumpRightsByTargetType(entry.getKey(), rights, expandSetAttrs, expandGetAttrs);
    }
}
Also used : LdapProv(com.zimbra.cs.account.ldap.LdapProv) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) Map(java.util.Map) TreeMap(java.util.TreeMap) SortedMap(java.util.SortedMap) HashMap(java.util.HashMap)

Example 4 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGetCreateObjectAttrs.

/**
     * for testing only, not used in production
     */
private void doGetCreateObjectAttrs(String[] args) throws ServiceException {
    // Positional arguments: args[1] target type, args[2] domain, args[3] cos and, with
    // LdapProv only, args[4] grantee. The literal string "null" for domain or cos means
    // "not specified".
    // NOTE(review): the indexes are read without a length check in this method;
    // presumably the command dispatcher enforces the argument count - confirm.
    final String targetType = args[1];

    final String domainArg = args[2];
    final boolean domainGiven = !domainArg.equals("null");
    final Key.DomainBy domainBy = domainGiven ? guessDomainBy(domainArg) : null;
    final String domain = domainGiven ? domainArg : null;

    final String cosArg = args[3];
    final boolean cosGiven = !cosArg.equals("null");
    final Key.CosBy cosBy = cosGiven ? guessCosBy(cosArg) : null;
    final String cos = cosGiven ? cosArg : null;

    // With SoapProvisioning, zmprov requires -a {admin account} -p {password}, so no
    // grantee argument is read in that case.
    // NOTE(review): in the LdapProv branch the grantee is whatever the caller names in
    // args[4]; no credential check is visible in this method - confirm how access to
    // this mode is restricted.
    final boolean directLdap = prov instanceof LdapProv;
    final GranteeBy granteeBy = directLdap ? guessGranteeBy(args[4]) : null;
    final String grantee = directLdap ? args[4] : null;

    console.println("Domain:  " + domain);
    console.println("Cos:     " + cos);
    console.println("Grantee: " + grantee);
    console.println();

    final RightCommand.EffectiveRights effRights =
            prov.getCreateObjectAttrs(targetType, domainBy, domain, cosBy, cos, granteeBy, grantee);
    displayAttrs("set", true, effRights.canSetAllAttrs(), effRights.canSetAttrs());
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) Key(com.zimbra.common.account.Key) LdapProv(com.zimbra.cs.account.ldap.LdapProv)

Example 5 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class ProvUtil method doRevokeRight.

/**
 * Revokes a right from a grantee on a target by calling {@code prov.revokeRight} with the
 * values parsed by {@code getRightArgs}.
 *
 * <p>The target and grantee selectors are derived with {@code guessTargetBy} /
 * {@code guessGranteeBy} only when the corresponding id-or-name was supplied; otherwise
 * {@code null} is passed through.
 *
 * @param args raw command arguments
 * @throws ServiceException declared; presumably propagated from the helper and provisioning calls
 * @throws ArgException declared; presumably raised by the argument helpers
 */
private void doRevokeRight(String[] args) throws ServiceException, ArgException {
    final RightArgs ra = new RightArgs(args);
    getRightArgs(ra, true, false);

    final String targetKey = ra.mTargetIdOrName;
    TargetBy targetBy = null;
    if (targetKey != null) {
        targetBy = guessTargetBy(targetKey);
    }

    final String granteeKey = ra.mGranteeIdOrName;
    GranteeBy granteeBy = null;
    if (granteeKey != null) {
        granteeBy = guessGranteeBy(granteeKey);
    }

    prov.revokeRight(
            ra.mTargetType, targetBy, targetKey,
            ra.mGranteeType, granteeBy, granteeKey,
            ra.mRight, ra.mRightModifier);
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy)

Aggregations

GranteeBy (com.zimbra.soap.admin.type.GranteeSelector.GranteeBy)12 RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)8 TargetBy (com.zimbra.soap.type.TargetBy)8 Element (com.zimbra.common.soap.Element)5 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)5 LdapProv (com.zimbra.cs.account.ldap.LdapProv)3 Key (com.zimbra.common.account.Key)2 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)2 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)2 ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)1 Account (com.zimbra.cs.account.Account)1 Entry (com.zimbra.cs.account.Entry)1 GuestAccount (com.zimbra.cs.account.GuestAccount)1 MailTarget (com.zimbra.cs.account.MailTarget)1 NamedEntry (com.zimbra.cs.account.NamedEntry)1 Provisioning (com.zimbra.cs.account.Provisioning)1 RightModifier (com.zimbra.cs.account.accesscontrol.RightModifier)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1