
Example 6 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGetEffectiveRights.

/**
 * Handles the effective-rights command: reads the target, an optional grantee and the
 * optional expand flags from {@code args}, asks the provisioning backend for the
 * effective rights and prints them to the console.
 *
 * @param args arguments of the command
 * @throws ServiceException propagated from the helper and provisioning calls made here
 * @throws ArgException if a trailing argument is neither {@code expandSetAttrs} nor
 *         {@code expandGetAttrs}
 */
private void doGetEffectiveRights(String[] args) throws ServiceException, ArgException {
    RightArgs rightArgs = new RightArgs(args);
    getRightArgsTarget(rightArgs);

    // With an LdapProv backend the grantee must always be supplied; with any other
    // backend a grantee is parsed only when arguments remain after the target.
    if (prov instanceof LdapProv || rightArgs.mCurPos < args.length) {
        getRightArgsGrantee(rightArgs, false, false);
    }

    // Whatever is left must be one of the two expand flags; anything else is rejected
    // rather than silently ignored.
    boolean expandSetAttrs = false;
    boolean expandGetAttrs = false;
    for (int idx = rightArgs.mCurPos; idx < args.length; idx++) {
        String flag = args[idx];
        if ("expandSetAttrs".equals(flag)) {
            expandSetAttrs = true;
            continue;
        }
        if ("expandGetAttrs".equals(flag)) {
            expandGetAttrs = true;
            continue;
        }
        throw new ArgException("unrecognized arg: " + flag);
    }

    // The selector kind is guessed from the value; a missing value leaves the selector null.
    TargetBy targetBy = null;
    if (rightArgs.mTargetIdOrName != null) {
        targetBy = guessTargetBy(rightArgs.mTargetIdOrName);
    }
    GranteeBy granteeBy = null;
    if (rightArgs.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(rightArgs.mGranteeIdOrName);
    }

    RightCommand.EffectiveRights rights = prov.getEffectiveRights(
            rightArgs.mTargetType,
            targetBy,
            rightArgs.mTargetIdOrName,
            granteeBy,
            rightArgs.mGranteeIdOrName,
            expandSetAttrs,
            expandGetAttrs);

    console.println("Account " + rights.granteeName()
            + " has the following rights on target " + rights.targetType()
            + " " + rights.targetName());
    dumpEffectiveRight(rights, expandSetAttrs, expandGetAttrs);
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) LdapProv(com.zimbra.cs.account.ldap.LdapProv)

Example 7 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class GetGrants method handle.

/**
 * Handles a GetGrants admin request.
 *
 * <p>Both the target and the grantee selector are optional. When a target is given, the
 * authenticated admin must hold {@code viewGrants} on it before any grants are read.
 * After the grants are fetched, {@code viewGrants} is checked again on every distinct
 * target that appears in the result, and the response element is only created once all
 * of those checks have passed.
 *
 * @param request the SOAP request element
 * @param context the SOAP context map
 * @return the GetGrants response element
 * @throws ServiceException propagated from attribute parsing, target lookup, the right
 *         checks or the grants query
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    String targetType = null;
    TargetBy targetBy = null;
    String target = null;
    Element targetElem = request.getOptionalElement(AdminConstants.E_TARGET);
    if (targetElem != null) {
        targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
        TargetType requestedType = TargetType.fromCode(targetType);
        if (requestedType.needsTargetIdentity()) {
            targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
            target = targetElem.getText();
        }
        // Authorization gate for the requested target. lookupTarget is relied on to
        // throw when the target does not exist, so the entry is not expected to be
        // null when it reaches checkRight.
        Entry requestedEntry = TargetType.lookupTarget(prov, requestedType, targetBy, target);
        checkRight(zsc, requestedEntry, Admin.R_viewGrants);
    }

    String granteeType = null;
    GranteeBy granteeBy = null;
    String grantee = null;
    boolean granteeIncludeGroupsGranteeBelongs = true;
    Element granteeElem = request.getOptionalElement(AdminConstants.E_GRANTEE);
    if (granteeElem != null) {
        granteeType = granteeElem.getAttribute(AdminConstants.A_TYPE);
        granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
        grantee = granteeElem.getText();
        granteeIncludeGroupsGranteeBelongs = granteeElem.getAttributeBool(AdminConstants.A_ALL);
    }

    RightCommand.Grants grants = RightCommand.getGrants(
            prov, targetType, targetBy, target,
            granteeType, granteeBy, grantee, granteeIncludeGroupsGranteeBelongs);

    // Result filtering: the admin must also be allowed to view grants on every target
    // the query returned. Keep this loop ahead of the response construction below so
    // nothing is serialized before all checks have passed.
    Set<String> checkedTargets = new HashSet<String>();
    for (RightCommand.ACE ace : grants.getACEs()) {
        TargetType aceType = TargetType.fromCode(ace.targetType());
        // Lookup is by name because zimlets can only be looked up by name.
        // NOTE(review): the lookup runs for every ACE, including targets that were
        // already checked; only the right check itself is de-duplicated.
        Entry aceEntry = TargetType.lookupTarget(prov, aceType, TargetBy.name, ace.targetName());
        String targetKey = ace.targetType() + "-" + ace.targetId();
        // add() returns true only the first time a key is seen, so each distinct
        // target is checked exactly once.
        if (checkedTargets.add(targetKey)) {
            checkRight(zsc, aceEntry, Admin.R_viewGrants);
        }
    }

    Element response = zsc.createElement(AdminConstants.GET_GRANTS_RESPONSE);
    grants.toXML(response);
    return response;
}
Also used : Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) Provisioning(com.zimbra.cs.account.Provisioning) Entry(com.zimbra.cs.account.Entry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) HashSet(java.util.HashSet)

Example 8 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class GetCreateObjectAttrs method handle.

/**
 * Handles a GetCreateObjectAttrs admin request.
 *
 * <p>The target element is mandatory; the domain and cos selectors are optional. The
 * grantee is not read from the request body: it is always the requested account id of
 * the SOAP context, selected by id.
 *
 * @param request the SOAP request element
 * @param context the SOAP context map
 * @return the GetCreateObjectAttrs response element
 * @throws ServiceException propagated from element or attribute parsing, the right
 *         check or the rights query
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);

    Element domainElem = request.getOptionalElement(AdminConstants.E_DOMAIN);
    boolean hasDomain = domainElem != null;
    Key.DomainBy domainBy =
            hasDomain ? Key.DomainBy.fromString(domainElem.getAttribute(AdminConstants.A_BY)) : null;
    String domain = hasDomain ? domainElem.getText() : null;

    Element cosElem = request.getOptionalElement(AdminConstants.E_COS);
    boolean hasCos = cosElem != null;
    Key.CosBy cosBy =
            hasCos ? Key.CosBy.fromString(cosElem.getAttribute(AdminConstants.A_BY)) : null;
    String cos = hasCos ? cosElem.getText() : null;

    GranteeBy granteeBy = GranteeBy.id;
    String grantee = zsc.getRequestedAccountId();
    // The extra right check is skipped only when the requested account is the one the
    // auth token belongs to; any other requested account goes through
    // checkCheckRightRight first.
    boolean queryingOwnAccount = grantee.equals(zsc.getAuthtokenAccountId());
    if (!queryingOwnAccount) {
        checkCheckRightRight(zsc, GranteeType.GT_USER, granteeBy, grantee);
    }

    RightCommand.EffectiveRights rights = RightCommand.getCreateObjectAttrs(
            Provisioning.getInstance(), targetType, domainBy, domain, cosBy, cos, granteeBy, grantee);

    Element response = zsc.createElement(AdminConstants.GET_CREATE_OBJECT_ATTRS_RESPONSE);
    rights.toXML_getCreateObjectAttrs(response);
    return response;
}
Also used : ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) Key(com.zimbra.common.account.Key)

Example 9 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class GetEffectiveRights method handle.

/**
 * Handles a GetEffectiveRights admin request.
 *
 * <p>The target element is mandatory. The grantee element is optional: when present it
 * must be of the user grantee type, and when absent the grantee defaults to the
 * requested account id of the SOAP context, selected by id.
 *
 * @param request the SOAP request element
 * @param context the SOAP context map
 * @return the GetEffectiveRights response element
 * @throws ServiceException {@code INVALID_REQUEST} when the grantee type is not the user
 *         type; otherwise propagated from parsing, the right check or the rights query
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    Pair<Boolean, Boolean> expandFlags = parseExpandAttrs(request);
    boolean expandSetAttrs = expandFlags.getFirst();
    boolean expandGetAttrs = expandFlags.getSecond();

    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String target = null;
    // Only target types that need an identity carry a selector and a value.
    if (TargetType.fromCode(targetType).needsTargetIdentity()) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        target = targetElem.getText();
    }

    GranteeBy granteeBy;
    String grantee;
    Element granteeElem = request.getOptionalElement(AdminConstants.E_GRANTEE);
    if (granteeElem == null) {
        // No grantee in the request: fall back to the requested account.
        granteeBy = GranteeBy.id;
        grantee = zsc.getRequestedAccountId();
    } else {
        // The type attribute defaults to the user type; any other type is rejected.
        String granteeType =
                granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_USER.getCode());
        boolean isUserGrantee = GranteeType.fromCode(granteeType) == GranteeType.GT_USER;
        if (!isUserGrantee) {
            throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
        }
        granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
        grantee = granteeElem.getText();
    }

    // The extra right check is skipped only when the grantee string equals the account
    // id of the auth token.
    // NOTE(review): this is a plain string comparison on the selector text and does not
    // take granteeBy into account; confirm that is intended for by-name selectors.
    boolean queryingOwnAccount = grantee.equals(zsc.getAuthtokenAccountId());
    if (!queryingOwnAccount) {
        checkCheckRightRight(zsc, GranteeType.GT_USER, granteeBy, grantee);
    }

    RightCommand.EffectiveRights rights = RightCommand.getEffectiveRights(
            Provisioning.getInstance(), targetType, targetBy, target,
            granteeBy, grantee, expandSetAttrs, expandGetAttrs);

    Element response = zsc.createElement(AdminConstants.GET_EFFECTIVE_RIGHTS_RESPONSE);
    rights.toXML_getEffectiveRights(response);
    return response;
}
Also used : ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Example 10 with GranteeBy

use of com.zimbra.soap.admin.type.GranteeSelector.GranteeBy in project zm-mailbox by Zimbra.

the class GetAllEffectiveRights method handle.

/**
 * Handles a GetAllEffectiveRights admin request.
 *
 * <p>The grantee element is optional. When present, its type attribute defaults to the
 * user grantee type; when absent, the grantee is the requested account id of the SOAP
 * context, of the user type and selected by id.
 *
 * @param request the SOAP request element
 * @param context the SOAP context map
 * @return the GetAllEffectiveRights response element
 * @throws ServiceException propagated from parsing, the right check or the rights query
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    Pair<Boolean, Boolean> expandFlags = parseExpandAttrs(request);
    boolean expandSetAttrs = expandFlags.getFirst();
    boolean expandGetAttrs = expandFlags.getSecond();

    String granteeType;
    GranteeBy granteeBy;
    String grantee;
    Element granteeElem = request.getOptionalElement(AdminConstants.E_GRANTEE);
    if (granteeElem == null) {
        // No grantee in the request: fall back to the requested account.
        granteeType = GranteeType.GT_USER.getCode();
        granteeBy = GranteeBy.id;
        grantee = zsc.getRequestedAccountId();
    } else {
        granteeType = granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_USER.getCode());
        granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
        grantee = granteeElem.getText();
    }

    GranteeType parsedGranteeType = GranteeType.fromCode(granteeType);

    // The extra right check is skipped only when the grantee string equals the account
    // id of the auth token.
    // NOTE(review): this is a plain string comparison on the selector text; neither the
    // grantee type nor granteeBy is taken into account. Confirm that is intended for
    // non-user types and by-name selectors.
    boolean queryingOwnAccount = grantee.equals(zsc.getAuthtokenAccountId());
    if (!queryingOwnAccount) {
        checkCheckRightRight(zsc, parsedGranteeType, granteeBy, grantee);
    }

    RightCommand.AllEffectiveRights allRights = RightCommand.getAllEffectiveRights(
            Provisioning.getInstance(), granteeType, granteeBy, grantee,
            expandSetAttrs, expandGetAttrs);

    Element response = zsc.createElement(AdminConstants.GET_ALL_EFFECTIVE_RIGHTS_RESPONSE);
    allRights.toXML(response);
    return response;
}
Also used : GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Aggregations

GranteeBy (com.zimbra.soap.admin.type.GranteeSelector.GranteeBy)12 RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)8 TargetBy (com.zimbra.soap.type.TargetBy)8 Element (com.zimbra.common.soap.Element)5 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)5 LdapProv (com.zimbra.cs.account.ldap.LdapProv)3 Key (com.zimbra.common.account.Key)2 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)2 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)2 ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)1 Account (com.zimbra.cs.account.Account)1 Entry (com.zimbra.cs.account.Entry)1 GuestAccount (com.zimbra.cs.account.GuestAccount)1 MailTarget (com.zimbra.cs.account.MailTarget)1 NamedEntry (com.zimbra.cs.account.NamedEntry)1 Provisioning (com.zimbra.cs.account.Provisioning)1 RightModifier (com.zimbra.cs.account.accesscontrol.RightModifier)1 HashMap (java.util.HashMap)1 HashSet (java.util.HashSet)1 Map (java.util.Map)1