
Example 1 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class ProvUtil method doRevokeRight.

/**
 * Revokes a right, using the target, grantee and right parsed from the command-line arguments.
 *
 * <p>The target and grantee selectors (by id or by name) are not supplied by the caller;
 * they are inferred from the identifier strings via {@code guessTargetBy} and
 * {@code guessGranteeBy}. A missing identifier yields a {@code null} selector.
 *
 * @param args raw command-line arguments wrapped in a {@code RightArgs} cursor
 * @throws ServiceException declared by the signature; raised by the helpers or the
 *     provisioning call (their bodies are not visible here)
 * @throws ArgException declared by the signature; presumably raised on malformed arguments
 */
private void doRevokeRight(String[] args) throws ServiceException, ArgException {
    RightArgs rightArgs = new RightArgs(args);
    // NOTE(review): the meaning of the two boolean flags is defined by getRightArgs,
    // which is not visible here; confirm before changing them.
    getRightArgs(rightArgs, true, false);

    TargetBy targetBy = null;
    if (rightArgs.mTargetIdOrName != null) {
        targetBy = guessTargetBy(rightArgs.mTargetIdOrName);
    }

    GranteeBy granteeBy = null;
    if (rightArgs.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(rightArgs.mGranteeIdOrName);
    }

    prov.revokeRight(
            rightArgs.mTargetType,
            targetBy,
            rightArgs.mTargetIdOrName,
            rightArgs.mGranteeType,
            granteeBy,
            rightArgs.mGranteeIdOrName,
            rightArgs.mRight,
            rightArgs.mRightModifier);
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy)

Example 2 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGetGrants.

/**
 * Lists grants for an optional target ({@code -t}) and/or an optional grantee ({@code -g})
 * and prints them to the console as a fixed-width table.
 *
 * <p>After {@code -g} and the grantee arguments, one further argument is consumed if
 * present: {@code 1} includes grants made to groups the grantee belongs to (the default),
 * {@code 0} excludes them, and any other value is rejected.
 *
 * @param args raw command-line arguments
 * @throws ServiceException with INVALID_REQUEST when the include-group flag is neither
 *     {@code 0} nor {@code 1}; also declared for the helpers and the provisioning call
 * @throws ArgException declared by the signature; presumably raised on malformed arguments
 */
private void doGetGrants(String[] args) throws ServiceException, ArgException {
    RightArgs rightArgs = new RightArgs(args);
    boolean includeGroupGrants = true;

    // NOTE(review): arguments other than -t / -g are consumed here without any error.
    while (rightArgs.hasNext()) {
        String option = rightArgs.getNextArg();
        if ("-t".equals(option)) {
            getRightArgsTarget(rightArgs);
            continue;
        }
        if (!"-g".equals(option)) {
            continue;
        }
        getRightArgsGrantee(rightArgs, true, false);
        if (!rightArgs.hasNext()) {
            continue;
        }
        String flag = rightArgs.getNextArg();
        boolean flagIsOne = "1".equals(flag);
        if (!flagIsOne && !"0".equals(flag)) {
            throw ServiceException.INVALID_REQUEST("invalid value for the include group flag, must be 0 or 1", null);
        }
        includeGroupGrants = flagIsOne;
    }

    // The by-id/by-name selectors are inferred from the identifier strings.
    TargetBy targetBy = null;
    if (rightArgs.mTargetIdOrName != null) {
        targetBy = guessTargetBy(rightArgs.mTargetIdOrName);
    }
    GranteeBy granteeBy = null;
    if (rightArgs.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(rightArgs.mGranteeIdOrName);
    }

    RightCommand.Grants grants = prov.getGrants(
            rightArgs.mTargetType,
            targetBy,
            rightArgs.mTargetIdOrName,
            rightArgs.mGranteeType,
            granteeBy,
            rightArgs.mGranteeIdOrName,
            includeGroupGrants);

    // Columns are truncated to their fixed widths; only the last column (right) is free-form.
    String rowFormat = "%-12.12s %-36.36s %-30.30s %-12.12s %-36.36s %-30.30s %s\n";
    console.printf(rowFormat, "target type", "target id", "target name", "grantee type", "grantee id", "grantee name", "right");
    console.printf(rowFormat, "------------", "------------------------------------", "------------------------------", "------------", "------------------------------------", "------------------------------", "--------------------");

    for (RightCommand.ACE ace : grants.getACEs()) {
        RightModifier modifier = ace.rightModifier();
        // The modifier, when present, is printed as a prefix of the right name.
        String modifierPrefix = "";
        if (modifier != null) {
            modifierPrefix = String.valueOf(modifier.getModifier());
        }
        console.printf(rowFormat, ace.targetType(), ace.targetId(), ace.targetName(), ace.granteeType(), ace.granteeId(), ace.granteeName(), modifierPrefix + ace.right());
    }
    console.println();
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) RightModifier(com.zimbra.cs.account.accesscontrol.RightModifier) TargetBy(com.zimbra.soap.type.TargetBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Example 3 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class ProvUtil method doCheckRight.

/**
 * Asks the provisioning layer whether a grantee holds a right on a target and prints
 * {@code ALLOWED} or {@code DENIED}, followed by the deciding grant when one is reported.
 *
 * <p>Arguments remaining after the right arguments are parsed into an attribute map and
 * passed along with the check.
 *
 * @param args raw command-line arguments
 * @throws ServiceException declared by the signature; raised by the helpers or the
 *     provisioning call (their bodies are not visible here)
 * @throws ArgException declared by the signature; presumably raised on malformed arguments
 */
private void doCheckRight(String[] args) throws ServiceException, ArgException {
    RightArgs rightArgs = new RightArgs(args);
    // todo, handle secret
    getRightArgs(rightArgs, false, false);
    Map<String, Object> attrs = getMap(args, rightArgs.mCurPos);

    TargetBy targetBy = null;
    if (rightArgs.mTargetIdOrName != null) {
        targetBy = guessTargetBy(rightArgs.mTargetIdOrName);
    }
    // NOTE(review): the grantee identifier reaches guessGranteeBy without the null guard
    // used for the target; presumably getRightArgs makes the grantee mandatory here.
    // Confirm.
    GranteeBy granteeBy = guessGranteeBy(rightArgs.mGranteeIdOrName);

    AccessManager.ViaGrant via = new AccessManager.ViaGrant();
    boolean allowed = prov.checkRight(
            rightArgs.mTargetType,
            targetBy,
            rightArgs.mTargetIdOrName,
            granteeBy,
            rightArgs.mGranteeIdOrName,
            rightArgs.mRight,
            attrs,
            via);

    if (allowed) {
        console.println("ALLOWED");
    } else {
        console.println("DENIED");
    }

    // Nothing more to report when the check did not fill in a deciding grant.
    if (!via.available()) {
        return;
    }

    String negativePrefix = via.isNegativeGrant() ? "DENY " : "";
    console.println("Via:");
    console.println("    target type  : " + via.getTargetType());
    console.println("    target       : " + via.getTargetName());
    console.println("    grantee type : " + via.getGranteeType());
    console.println("    grantee      : " + via.getGranteeName());
    console.println("    right        : " + negativePrefix + via.getRight());
    console.println();
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy)

Example 4 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGetEffectiveRights.

/**
 * Prints the effective rights a grantee has on a target.
 *
 * <p>The target is always parsed from the arguments. Grantee arguments are parsed when
 * the provisioning backend is an {@code LdapProv}, or when arguments remain after the
 * target. Any arguments left after that must be {@code expandSetAttrs} or
 * {@code expandGetAttrs}.
 *
 * @param args raw command-line arguments
 * @throws ServiceException declared by the signature; raised by the helpers or the
 *     provisioning call (their bodies are not visible here)
 * @throws ArgException when a trailing argument is not one of the two expand keywords
 */
private void doGetEffectiveRights(String[] args) throws ServiceException, ArgException {
    RightArgs rightArgs = new RightArgs(args);
    getRightArgsTarget(rightArgs);

    // With LdapProv, grantee info must be provided. Otherwise it is parsed only when
    // more arguments follow the target.
    if (prov instanceof LdapProv || rightArgs.mCurPos < args.length) {
        getRightArgsGrantee(rightArgs, false, false);
    }

    boolean expandSetAttrs = false;
    boolean expandGetAttrs = false;
    // Whatever is left may only be the expand keywords; anything else is rejected.
    int idx = rightArgs.mCurPos;
    while (idx < args.length) {
        String keyword = args[idx];
        if ("expandSetAttrs".equals(keyword)) {
            expandSetAttrs = true;
        } else if ("expandGetAttrs".equals(keyword)) {
            expandGetAttrs = true;
        } else {
            throw new ArgException("unrecognized arg: " + keyword);
        }
        idx++;
    }

    TargetBy targetBy = null;
    if (rightArgs.mTargetIdOrName != null) {
        targetBy = guessTargetBy(rightArgs.mTargetIdOrName);
    }
    GranteeBy granteeBy = null;
    if (rightArgs.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(rightArgs.mGranteeIdOrName);
    }

    RightCommand.EffectiveRights effective = prov.getEffectiveRights(
            rightArgs.mTargetType,
            targetBy,
            rightArgs.mTargetIdOrName,
            granteeBy,
            rightArgs.mGranteeIdOrName,
            expandSetAttrs,
            expandGetAttrs);

    console.println("Account " + effective.granteeName() + " has the following rights on target " + effective.targetType() + " " + effective.targetName());
    dumpEffectiveRight(effective, expandSetAttrs, expandGetAttrs);
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) LdapProv(com.zimbra.cs.account.ldap.LdapProv)

Example 5 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class GetGrants method handle.

/**
 * Handles a GetGrants admin request: returns the grants matching the optional target
 * and/or grantee elements of the request.
 *
 * <p>Authorization is applied in two places. If a target element is present,
 * {@code Admin.R_viewGrants} is checked on that target before any grants are fetched.
 * After fetching, {@code Admin.R_viewGrants} is checked on the target of every returned
 * ACE, once per distinct target type/id. The response element is only built after all
 * of these checks have returned.
 *
 * @param request the request element; target and grantee child elements are both optional
 * @param context the request context from which the SOAP context is obtained
 * @return the response element populated via {@code grants.toXML}
 * @throws ServiceException declared by the signature; presumably raised by
 *     {@code checkRight} when the caller lacks the right, and by {@code lookupTarget}
 *     when a target does not exist
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    String targetType = null;
    TargetBy targetBy = null;
    String target = null;
    Element targetElem = request.getOptionalElement(AdminConstants.E_TARGET);
    if (targetElem != null) {
        targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
        TargetType requestedType = TargetType.fromCode(targetType);
        // Only target types that need an identity carry a "by" selector and a value.
        if (requestedType.needsTargetIdentity()) {
            targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
            target = targetElem.getText();
        }
        // Check that the authed admin has the right to view grants on the desired target.
        // The entry cannot be null at this point: lookupTarget would have thrown if the
        // specified target did not exist.
        Entry requestedTarget = TargetType.lookupTarget(prov, requestedType, targetBy, target);
        checkRight(zsc, requestedTarget, Admin.R_viewGrants);
    }

    String granteeType = null;
    GranteeBy granteeBy = null;
    String grantee = null;
    boolean includeGroupGrants = true;
    Element granteeElem = request.getOptionalElement(AdminConstants.E_GRANTEE);
    if (granteeElem != null) {
        granteeType = granteeElem.getAttribute(AdminConstants.A_TYPE);
        granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
        grantee = granteeElem.getText();
        includeGroupGrants = granteeElem.getAttributeBool(AdminConstants.A_ALL);
    }

    RightCommand.Grants grants = RightCommand.getGrants(
            prov, targetType, targetBy, target, granteeType, granteeBy, grantee, includeGroupGrants);

    // Check that the authed admin can see the zimbraACE attr on each target on which
    // grants for the specified grantee were found. Keep this loop ahead of the response
    // construction so nothing is serialized before every target has been checked.
    Set<String> approvedTargets = new HashSet<>();
    for (RightCommand.ACE ace : grants.getACEs()) {
        TargetType aceTargetType = TargetType.fromCode(ace.targetType());
        // Has to look up the target by name, because a zimlet can only be looked up by name.
        // NOTE(review): this lookup runs for every ACE, including targets already approved.
        Entry aceTarget = TargetType.lookupTarget(prov, aceTargetType, TargetBy.name, ace.targetName());
        String targetKey = ace.targetType() + "-" + ace.targetId();
        if (approvedTargets.contains(targetKey)) {
            continue;
        }
        checkRight(zsc, aceTarget, Admin.R_viewGrants);
        // Remember the approved target so it is not checked again.
        approvedTargets.add(targetKey);
    }

    Element response = zsc.createElement(AdminConstants.GET_GRANTS_RESPONSE);
    grants.toXML(response);
    return response;
}
Also used : Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) Provisioning(com.zimbra.cs.account.Provisioning) Entry(com.zimbra.cs.account.Entry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetType(com.zimbra.cs.account.accesscontrol.TargetType) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand) HashSet(java.util.HashSet)

Aggregations

TargetBy (com.zimbra.soap.type.TargetBy)10 GranteeBy (com.zimbra.soap.admin.type.GranteeSelector.GranteeBy)8 Element (com.zimbra.common.soap.Element)5 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)5 RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)4 Entry (com.zimbra.cs.account.Entry)2 NamedEntry (com.zimbra.cs.account.NamedEntry)2 Provisioning (com.zimbra.cs.account.Provisioning)2 RightModifier (com.zimbra.cs.account.accesscontrol.RightModifier)2 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)2 ServiceException (com.zimbra.common.service.ServiceException)1 AccessManager (com.zimbra.cs.account.AccessManager)1 ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)1 Account (com.zimbra.cs.account.Account)1 GuestAccount (com.zimbra.cs.account.GuestAccount)1 MailTarget (com.zimbra.cs.account.MailTarget)1 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)1 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)1 LdapProv (com.zimbra.cs.account.ldap.LdapProv)1 FlushCacheRequest (com.zimbra.soap.admin.message.FlushCacheRequest)1