use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class ProvUtil method doGetGrants.
private void doGetGrants(String[] args) throws ServiceException, ArgException {
RightArgs ra = new RightArgs(args);
boolean granteeIncludeGroupsGranteeBelongs = true;
while (ra.hasNext()) {
String arg = ra.getNextArg();
if ("-t".equals(arg)) {
getRightArgsTarget(ra);
} else if ("-g".equals(arg)) {
getRightArgsGrantee(ra, true, false);
if (ra.hasNext()) {
String includeGroups = ra.getNextArg();
if ("1".equals(includeGroups)) {
granteeIncludeGroupsGranteeBelongs = true;
} else if ("0".equals(includeGroups)) {
granteeIncludeGroupsGranteeBelongs = false;
} else {
throw ServiceException.INVALID_REQUEST("invalid value for the include group flag, must be 0 or 1", null);
}
}
}
}
TargetBy targetBy = (ra.mTargetIdOrName == null) ? null : guessTargetBy(ra.mTargetIdOrName);
GranteeBy granteeBy = (ra.mGranteeIdOrName == null) ? null : guessGranteeBy(ra.mGranteeIdOrName);
RightCommand.Grants grants = prov.getGrants(ra.mTargetType, targetBy, ra.mTargetIdOrName, ra.mGranteeType, granteeBy, ra.mGranteeIdOrName, granteeIncludeGroupsGranteeBelongs);
String format = "%-12.12s %-36.36s %-30.30s %-12.12s %-36.36s %-30.30s %s\n";
console.printf(format, "target type", "target id", "target name", "grantee type", "grantee id", "grantee name", "right");
console.printf(format, "------------", "------------------------------------", "------------------------------", "------------", "------------------------------------", "------------------------------", "--------------------");
for (RightCommand.ACE ace : grants.getACEs()) {
// String deny = ace.deny()?"-":"";
RightModifier rightModifier = ace.rightModifier();
String rm = (rightModifier == null) ? "" : String.valueOf(rightModifier.getModifier());
console.printf(format, ace.targetType(), ace.targetId(), ace.targetName(), ace.granteeType(), ace.granteeId(), ace.granteeName(), rm + ace.right());
}
console.println();
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class ProvUtil method doCheckRight.
private void doCheckRight(String[] args) throws ServiceException, ArgException {
RightArgs ra = new RightArgs(args);
// todo, handle secret
getRightArgs(ra, false, false);
Map<String, Object> attrs = getMap(args, ra.mCurPos);
TargetBy targetBy = (ra.mTargetIdOrName == null) ? null : guessTargetBy(ra.mTargetIdOrName);
GranteeBy granteeBy = guessGranteeBy(ra.mGranteeIdOrName);
AccessManager.ViaGrant via = new AccessManager.ViaGrant();
boolean allow = prov.checkRight(ra.mTargetType, targetBy, ra.mTargetIdOrName, granteeBy, ra.mGranteeIdOrName, ra.mRight, attrs, via);
console.println(allow ? "ALLOWED" : "DENIED");
if (via.available()) {
console.println("Via:");
console.println(" target type : " + via.getTargetType());
console.println(" target : " + via.getTargetName());
console.println(" grantee type : " + via.getGranteeType());
console.println(" grantee : " + via.getGranteeName());
console.println(" right : " + (via.isNegativeGrant() ? "DENY " : "") + via.getRight());
console.println();
}
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class ProvUtil method doGetAllEffectiveRights.
private void doGetAllEffectiveRights(String[] args) throws ServiceException, ArgException {
RightArgs ra = new RightArgs(args);
if (prov instanceof LdapProv) {
// must provide grantee info
getRightArgsGrantee(ra, true, false);
} else {
// has more args, use it for the requested grantee
if (ra.mCurPos < args.length) {
getRightArgsGrantee(ra, true, false);
}
}
boolean expandSetAttrs = false;
boolean expandGetAttrs = false;
// if there are more args, see if they are expandSetAttrs/expandGetAttrs
for (int i = ra.mCurPos; i < args.length; i++) {
if ("expandSetAttrs".equals(args[i])) {
expandSetAttrs = true;
} else if ("expandGetAttrs".equals(args[i])) {
expandGetAttrs = true;
} else {
throw new ArgException("unrecognized arg: " + args[i]);
}
}
GranteeBy granteeBy = (ra.mGranteeIdOrName == null) ? null : guessGranteeBy(ra.mGranteeIdOrName);
RightCommand.AllEffectiveRights allEffRights = prov.getAllEffectiveRights(ra.mGranteeType, granteeBy, ra.mGranteeIdOrName, expandSetAttrs, expandGetAttrs);
console.println(allEffRights.granteeType() + " " + allEffRights.granteeName() + "(" + allEffRights.granteeId() + ")" + " has the following rights:");
for (Map.Entry<TargetType, RightCommand.RightsByTargetType> rightsByTargetType : allEffRights.rightsByTargetType().entrySet()) {
RightCommand.RightsByTargetType rbtt = rightsByTargetType.getValue();
if (!rbtt.hasNoRight()) {
dumpRightsByTargetType(rightsByTargetType.getKey(), rbtt, expandSetAttrs, expandGetAttrs);
}
}
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class ProvUtil method doGetCreateObjectAttrs.
/**
* for testing only, not used in production
*/
private void doGetCreateObjectAttrs(String[] args) throws ServiceException {
String targetType = args[1];
Key.DomainBy domainBy = null;
String domain = null;
if (!args[2].equals("null")) {
domainBy = guessDomainBy(args[2]);
domain = args[2];
}
Key.CosBy cosBy = null;
String cos = null;
if (!args[3].equals("null")) {
cosBy = guessCosBy(args[3]);
cos = args[3];
}
GranteeBy granteeBy = null;
String grantee = null;
// for SoapProvisioning, -a {admin account} -p {password} is required with zmprov
if (prov instanceof LdapProv) {
granteeBy = guessGranteeBy(args[4]);
grantee = args[4];
}
console.println("Domain: " + domain);
console.println("Cos: " + cos);
console.println("Grantee: " + grantee);
console.println();
RightCommand.EffectiveRights effRights = prov.getCreateObjectAttrs(targetType, domainBy, domain, cosBy, cos, granteeBy, grantee);
displayAttrs("set", true, effRights.canSetAllAttrs(), effRights.canSetAttrs());
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class ProvUtil method doRevokeRight.
private void doRevokeRight(String[] args) throws ServiceException, ArgException {
RightArgs ra = new RightArgs(args);
getRightArgs(ra, true, false);
TargetBy targetBy = (ra.mTargetIdOrName == null) ? null : guessTargetBy(ra.mTargetIdOrName);
GranteeBy granteeBy = (ra.mGranteeIdOrName == null) ? null : guessGranteeBy(ra.mGranteeIdOrName);
prov.revokeRight(ra.mTargetType, targetBy, ra.mTargetIdOrName, ra.mGranteeType, granteeBy, ra.mGranteeIdOrName, ra.mRight, ra.mRightModifier);
}
Aggregations