use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class ProvUtil method doGetEffectiveRights.
private void doGetEffectiveRights(String[] args) throws ServiceException, ArgException {
RightArgs ra = new RightArgs(args);
getRightArgsTarget(ra);
if (prov instanceof LdapProv) {
// must provide grantee info
getRightArgsGrantee(ra, false, false);
} else {
// has more args, use it for the requested grantee
if (ra.mCurPos < args.length) {
getRightArgsGrantee(ra, false, false);
}
}
boolean expandSetAttrs = false;
boolean expandGetAttrs = false;
// if there are more args, see if they are expandSetAttrs/expandGetAttrs
for (int i = ra.mCurPos; i < args.length; i++) {
if ("expandSetAttrs".equals(args[i])) {
expandSetAttrs = true;
} else if ("expandGetAttrs".equals(args[i])) {
expandGetAttrs = true;
} else {
throw new ArgException("unrecognized arg: " + args[i]);
}
}
TargetBy targetBy = (ra.mTargetIdOrName == null) ? null : guessTargetBy(ra.mTargetIdOrName);
GranteeBy granteeBy = (ra.mGranteeIdOrName == null) ? null : guessGranteeBy(ra.mGranteeIdOrName);
RightCommand.EffectiveRights effRights = prov.getEffectiveRights(ra.mTargetType, targetBy, ra.mTargetIdOrName, granteeBy, ra.mGranteeIdOrName, expandSetAttrs, expandGetAttrs);
console.println("Account " + effRights.granteeName() + " has the following rights on target " + effRights.targetType() + " " + effRights.targetName());
dumpEffectiveRight(effRights, expandSetAttrs, expandGetAttrs);
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class GetGrants method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Provisioning prov = Provisioning.getInstance();
String targetType = null;
TargetBy targetBy = null;
String target = null;
Element eTarget = request.getOptionalElement(AdminConstants.E_TARGET);
if (eTarget != null) {
targetType = eTarget.getAttribute(AdminConstants.A_TYPE);
if (TargetType.fromCode(targetType).needsTargetIdentity()) {
targetBy = TargetBy.fromString(eTarget.getAttribute(AdminConstants.A_BY));
target = eTarget.getText();
}
// check if the authed admin has right to view grants on the desired target
TargetType tt = TargetType.fromCode(targetType);
Entry targetEntry = TargetType.lookupTarget(prov, tt, targetBy, target);
// targetEntry cannot be null by now, because lookupTarget would have thrown
// if the specified target does not exist
checkRight(zsc, targetEntry, Admin.R_viewGrants);
}
String granteeType = null;
GranteeBy granteeBy = null;
String grantee = null;
boolean granteeIncludeGroupsGranteeBelongs = true;
Element eGrantee = request.getOptionalElement(AdminConstants.E_GRANTEE);
if (eGrantee != null) {
granteeType = eGrantee.getAttribute(AdminConstants.A_TYPE);
granteeBy = GranteeBy.fromString(eGrantee.getAttribute(AdminConstants.A_BY));
grantee = eGrantee.getText();
granteeIncludeGroupsGranteeBelongs = eGrantee.getAttributeBool(AdminConstants.A_ALL);
}
RightCommand.Grants grants = RightCommand.getGrants(prov, targetType, targetBy, target, granteeType, granteeBy, grantee, granteeIncludeGroupsGranteeBelongs);
// check if the authed admin can see the zimbraACE attr on
// each of the target on which grants for the specified grantee are found
Set<String> OKedTarget = new HashSet<String>();
for (RightCommand.ACE ace : grants.getACEs()) {
TargetType tt = TargetType.fromCode(ace.targetType());
// has to look up target by name, because zimlet can only be looked up by name
Entry targetEntry = TargetType.lookupTarget(prov, tt, TargetBy.name, ace.targetName());
String targetKey = ace.targetType() + "-" + ace.targetId();
if (!OKedTarget.contains(targetKey)) {
checkRight(zsc, targetEntry, Admin.R_viewGrants);
// add the target to our OKed set, so we don't check again
OKedTarget.add(targetKey);
}
}
Element resp = zsc.createElement(AdminConstants.GET_GRANTS_RESPONSE);
grants.toXML(resp);
return resp;
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class GetCreateObjectAttrs method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Element eTarget = request.getElement(AdminConstants.E_TARGET);
String targetType = eTarget.getAttribute(AdminConstants.A_TYPE);
Key.DomainBy domainBy = null;
String domain = null;
Element eDomain = request.getOptionalElement(AdminConstants.E_DOMAIN);
if (eDomain != null) {
domainBy = Key.DomainBy.fromString(eDomain.getAttribute(AdminConstants.A_BY));
domain = eDomain.getText();
}
Key.CosBy cosBy = null;
String cos = null;
Element eCos = request.getOptionalElement(AdminConstants.E_COS);
if (eCos != null) {
cosBy = Key.CosBy.fromString(eCos.getAttribute(AdminConstants.A_BY));
cos = eCos.getText();
}
GranteeBy granteeBy = GranteeBy.id;
String grantee = zsc.getRequestedAccountId();
if (!grantee.equals(zsc.getAuthtokenAccountId())) {
checkCheckRightRight(zsc, GranteeType.GT_USER, granteeBy, grantee);
}
RightCommand.EffectiveRights er = RightCommand.getCreateObjectAttrs(Provisioning.getInstance(), targetType, domainBy, domain, cosBy, cos, granteeBy, grantee);
Element resp = zsc.createElement(AdminConstants.GET_CREATE_OBJECT_ATTRS_RESPONSE);
er.toXML_getCreateObjectAttrs(resp);
return resp;
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class GetEffectiveRights method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Pair<Boolean, Boolean> expandAttrs = parseExpandAttrs(request);
boolean expandSetAttrs = expandAttrs.getFirst();
boolean expandGetAttrs = expandAttrs.getSecond();
Element eTarget = request.getElement(AdminConstants.E_TARGET);
String targetType = eTarget.getAttribute(AdminConstants.A_TYPE);
TargetBy targetBy = null;
String target = null;
if (TargetType.fromCode(targetType).needsTargetIdentity()) {
targetBy = TargetBy.fromString(eTarget.getAttribute(AdminConstants.A_BY));
target = eTarget.getText();
}
Element eGrantee = request.getOptionalElement(AdminConstants.E_GRANTEE);
GranteeBy granteeBy;
String grantee;
if (eGrantee != null) {
String granteeType = eGrantee.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_USER.getCode());
if (GranteeType.fromCode(granteeType) != GranteeType.GT_USER)
throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
granteeBy = GranteeBy.fromString(eGrantee.getAttribute(AdminConstants.A_BY));
grantee = eGrantee.getText();
} else {
granteeBy = GranteeBy.id;
grantee = zsc.getRequestedAccountId();
}
if (!grantee.equals(zsc.getAuthtokenAccountId())) {
checkCheckRightRight(zsc, GranteeType.GT_USER, granteeBy, grantee);
}
RightCommand.EffectiveRights er = RightCommand.getEffectiveRights(Provisioning.getInstance(), targetType, targetBy, target, granteeBy, grantee, expandSetAttrs, expandGetAttrs);
Element resp = zsc.createElement(AdminConstants.GET_EFFECTIVE_RIGHTS_RESPONSE);
er.toXML_getEffectiveRights(resp);
return resp;
}
use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.
the class GetAllEffectiveRights method handle.
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
ZimbraSoapContext zsc = getZimbraSoapContext(context);
Pair<Boolean, Boolean> expandAttrs = parseExpandAttrs(request);
boolean expandSetAttrs = expandAttrs.getFirst();
boolean expandGetAttrs = expandAttrs.getSecond();
Element eGrantee = request.getOptionalElement(AdminConstants.E_GRANTEE);
String granteeType;
GranteeBy granteeBy;
String grantee;
if (eGrantee != null) {
granteeType = eGrantee.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_USER.getCode());
granteeBy = GranteeBy.fromString(eGrantee.getAttribute(AdminConstants.A_BY));
grantee = eGrantee.getText();
} else {
granteeType = GranteeType.GT_USER.getCode();
granteeBy = GranteeBy.id;
grantee = zsc.getRequestedAccountId();
}
GranteeType gt = GranteeType.fromCode(granteeType);
if (!grantee.equals(zsc.getAuthtokenAccountId())) {
checkCheckRightRight(zsc, gt, granteeBy, grantee);
}
RightCommand.AllEffectiveRights aer = RightCommand.getAllEffectiveRights(Provisioning.getInstance(), granteeType, granteeBy, grantee, expandSetAttrs, expandGetAttrs);
Element resp = zsc.createElement(AdminConstants.GET_ALL_EFFECTIVE_RIGHTS_RESPONSE);
aer.toXML(resp);
return resp;
}
Aggregations