
Example 6 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class CheckRights method handle.

/**
 * Answers a CheckRights request: for every requested target, reports whether the caller
 * identified by the request's auth token holds each of the listed user rights.
 *
 * <p>The request is processed in two passes. The first pass parses and resolves every target
 * and its rights, so a malformed target fails the whole request before any access decision
 * is written. The second pass evaluates the rights and builds the response.
 *
 * @param request the CheckRights request element
 * @param context the SOAP request context
 * @return the CheckRights response, holding one target element per requested target
 * @throws ServiceException {@code INVALID_REQUEST} when a target lists no right; failures
 *         raised while parsing or resolving a target are propagated unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    Provisioning prov = Provisioning.getInstance();

    // Pass 1: parse and resolve all targets up front.
    List<RequestedTarget> parsedTargets = Lists.newArrayList();
    for (Element targetElem : request.listElements(AccountConstants.E_TARGET)) {
        String typeCode = targetElem.getAttribute(AccountConstants.A_TYPE);
        TargetType type = TargetType.fromCode(typeCode);
        String byCode = targetElem.getAttribute(AccountConstants.A_BY);
        TargetBy by = TargetBy.fromString(byCode);
        String key = targetElem.getAttribute(AccountConstants.A_KEY);

        Entry resolved = findEntry(prov, type, by, key);
        RequestedTarget requested = new RequestedTarget(resolved, type, by, key);
        parsedTargets.add(requested);

        for (Element rightElem : targetElem.listElements(AccountConstants.E_RIGHT)) {
            // Rights are looked up through getUserRight only: user rights, not admin rights.
            RightManager rightMgr = RightManager.getInstance();
            requested.addRight(rightMgr.getUserRight(rightElem.getText()));
        }

        // A target without any right has nothing to check; reject it rather than
        // answering with a vacuous "allowed".
        boolean noRights = requested.getRights().size() == 0;
        if (noRights) {
            throw ServiceException.INVALID_REQUEST("missing right for target: " + key, null);
        }
    }

    // Pass 2: evaluate each right against the caller's auth token.
    Element response = zsc.createElement(AccountConstants.CHECK_RIGHTS_RESPONSE);
    AccessManager accessMgr = AccessManager.getInstance();
    for (RequestedTarget requested : parsedTargets) {
        Entry entry = requested.getTargetEntry();

        // Echo back the selector the caller used for this target.
        Element targetElem = response.addElement(AccountConstants.E_TARGET);
        targetElem.addAttribute(AccountConstants.A_TYPE, requested.getTargetType().getCode());
        targetElem.addAttribute(AccountConstants.A_BY, requested.getTargetBy().name());
        targetElem.addAttribute(AccountConstants.A_KEY, requested.getTargetKey());

        boolean allAllowed = true;
        for (UserRight right : requested.getRights()) {
            boolean allowed = accessMgr.canDo(zsc.getAuthToken(), entry, right, false);

            // For a delegated-send right on a target selected by name, the grant alone is
            // not sufficient: the key itself must also be an allowed send address of the
            // entry. This can only turn an "allowed" into a "denied", never the reverse.
            boolean needsAddressCheck = allowed
                    && DiscoverRights.isDelegatedSendRight(right)
                    && TargetBy.name == requested.getTargetBy();
            if (needsAddressCheck) {
                allowed = AccountUtil.isAllowedSendAddress((NamedEntry) entry, requested.getTargetKey());
            }

            Element rightElem = targetElem.addElement(AccountConstants.E_RIGHT);
            rightElem.addAttribute(AccountConstants.A_ALLOW, allowed).setText(right.getName());
            allAllowed &= allowed;
        }

        // The target-level flag is true only when every requested right was allowed.
        targetElem.addAttribute(AccountConstants.A_ALLOW, allAllowed);
    }
    return response;
}
Also used : AccessManager(com.zimbra.cs.account.AccessManager) UserRight(com.zimbra.cs.account.accesscontrol.UserRight) Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) Provisioning(com.zimbra.cs.account.Provisioning) NamedEntry(com.zimbra.cs.account.NamedEntry) NamedEntry(com.zimbra.cs.account.NamedEntry) Entry(com.zimbra.cs.account.Entry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) TargetType(com.zimbra.cs.account.accesscontrol.TargetType)

Example 7 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class ProvUtil method doGrantRight.

/**
 * Grants a right using the arguments of the command line.
 *
 * <p>The target and grantee selectors are not supplied by the caller; when an id-or-name value
 * is present the selector is derived from it with {@code guessTargetBy} / {@code guessGranteeBy},
 * and stays {@code null} when the value is absent.
 * NOTE(review): presumably the guess distinguishes an id from a name by the string's form;
 * confirm against those helpers.
 *
 * @param args the raw command-line arguments
 * @throws ServiceException if the grant fails
 * @throws ArgException if the arguments cannot be parsed
 */
private void doGrantRight(String[] args) throws ServiceException, ArgException {
    RightArgs ra = new RightArgs(args);
    getRightArgs(ra, true, true);

    TargetBy targetBy = null;
    if (ra.mTargetIdOrName != null) {
        targetBy = guessTargetBy(ra.mTargetIdOrName);
    }

    GranteeBy granteeBy = null;
    if (ra.mGranteeIdOrName != null) {
        granteeBy = guessGranteeBy(ra.mGranteeIdOrName);
    }

    // ra.mSecret is forwarded exactly as parsed from the arguments.
    prov.grantRight(ra.mTargetType, targetBy, ra.mTargetIdOrName, ra.mGranteeType, granteeBy, ra.mGranteeIdOrName, ra.mSecret, ra.mRight, ra.mRightModifier);
}
Also used : GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy)

Example 8 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class CheckRight method handle.

/**
 * Answers a CheckRight request: reports whether a grantee holds a right on a target and,
 * when available, the grant through which the decision was reached.
 *
 * <p>Only the user and email grantee types are accepted; the type defaults to email when the
 * attribute is absent. A grantee that does not resolve to a {@code MailTarget} is represented
 * by a {@code GuestAccount} built from the raw grantee value.
 *
 * <p>Unless the grantee value equals the account id of the auth token, the caller must pass
 * {@code checkCheckRightRight} for that grantee before the right is evaluated. The comparison
 * is made on the raw grantee string whatever {@code granteeBy} is, so a caller that names
 * itself by anything other than its account id also goes through that check.
 *
 * @param request the CheckRight request element
 * @param context the SOAP request context
 * @return the CheckRight response carrying the allow flag and, if available, the via grant
 * @throws ServiceException {@code INVALID_REQUEST} for an unsupported grantee type; failures
 *         from parsing, lookup or the authorization check are propagated unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    // Target: the selector and value are read only for target types that need an identity.
    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String target = null;
    if (TargetType.fromCode(targetType).needsTargetIdentity()) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        target = targetElem.getText();
    }

    // Grantee: restricted to user and email types.
    Element granteeElem = request.getElement(AdminConstants.E_GRANTEE);
    String granteeTypeCode = granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_EMAIL.getCode());
    GranteeType granteeType = GranteeType.fromCode(granteeTypeCode);
    boolean supportedGranteeType = (granteeType == GranteeType.GT_USER) || (granteeType == GranteeType.GT_EMAIL);
    if (!supportedGranteeType) {
        throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeType, null);
    }
    GranteeBy granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
    String granteeVal = granteeElem.getText();

    String right = request.getElement(AdminConstants.E_RIGHT).getText();

    // NOTE(review): presence is tested on the attrs element, but the values are read from
    // the request element itself; confirm that this is what getAttrs expects.
    Element attrsElem = request.getOptionalElement(AdminConstants.E_ATTRS);
    Map<String, Object> attrs = null;
    if (attrsElem != null) {
        attrs = AdminService.getAttrs(request);
    }

    NamedEntry found = GranteeType.lookupGrantee(Provisioning.getInstance(), granteeType, granteeBy, granteeVal);
    MailTarget grantee = (found instanceof MailTarget)
            ? (MailTarget) found
            : new GuestAccount(granteeVal, null);

    // Checking someone else's rights requires the caller to hold the right to do so.
    boolean checkingOwnAccount = granteeVal.equals(zsc.getAuthtokenAccountId());
    if (!checkingOwnAccount) {
        GranteeType checkedAs = (grantee instanceof Account) ? GranteeType.GT_USER : GranteeType.GT_GROUP;
        checkCheckRightRight(zsc, checkedAs, granteeBy, granteeVal, true);
    }

    ViaGrant via = new ViaGrant();
    boolean allowed = RightCommand.checkRight(Provisioning.getInstance(), targetType, targetBy, target, grantee, right, attrs, via);

    Element resp = zsc.createElement(AdminConstants.CHECK_RIGHT_RESPONSE);
    resp.addAttribute(AdminConstants.A_ALLOW, allowed);
    if (!via.available()) {
        return resp;
    }

    // Describe the grant that produced the decision: its target, grantee and right.
    Element viaElem = resp.addElement(AdminConstants.E_VIA);

    Element viaTargetElem = viaElem.addElement(AdminConstants.E_TARGET);
    viaTargetElem.addAttribute(AdminConstants.A_TYPE, via.getTargetType());
    viaTargetElem.setText(via.getTargetName());

    Element viaGranteeElem = viaElem.addElement(AdminConstants.E_GRANTEE);
    viaGranteeElem.addAttribute(AdminConstants.A_TYPE, via.getGranteeType());
    viaGranteeElem.setText(via.getGranteeName());

    Element viaRightElem = viaElem.addElement(AdminConstants.E_RIGHT);
    viaRightElem.addAttribute(AdminConstants.A_DENY, via.isNegativeGrant());
    viaRightElem.setText(via.getRight());

    return resp;
}
Also used : GuestAccount(com.zimbra.cs.account.GuestAccount) Account(com.zimbra.cs.account.Account) GranteeType(com.zimbra.cs.account.accesscontrol.GranteeType) GuestAccount(com.zimbra.cs.account.GuestAccount) Element(com.zimbra.common.soap.Element) TargetBy(com.zimbra.soap.type.TargetBy) MailTarget(com.zimbra.cs.account.MailTarget) NamedEntry(com.zimbra.cs.account.NamedEntry) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) ViaGrant(com.zimbra.cs.account.AccessManager.ViaGrant)

Example 9 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class GrantRight method handle.

/**
 * Handles a GrantRight request: grants the requested right on the target to the grantee and,
 * for a domain target selected by id or name, flushes the domain cache entry on all servers.
 *
 * <p>This handler performs no authorization check of its own; per the note in the body, right
 * checking is done inside {@code RightCommand.grantRight}, which receives the authenticated
 * account.
 *
 * @param request the GrantRight request element
 * @param context the SOAP request context
 * @return an empty GrantRight response
 * @throws ServiceException {@code INVALID_REQUEST} when the request names no right; failures
 *         from the grant itself are propagated unchanged
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);
    GrantRightRequest grReq = zsc.elementToJaxb(request);

    RightModifierInfo modifierInfo = grReq.getRight();
    if (modifierInfo == null) {
        throw ServiceException.INVALID_REQUEST("No information specified on what right to assign", null);
    }
    RightModifier rightModifier = getRightModifier(modifierInfo);

    // right checking is done in RightCommand
    EffectiveRightsTargetSelector targetSel = grReq.getTarget();
    RightCommand.grantRight(Provisioning.getInstance(), getAuthenticatedAccount(zsc), targetSel, grReq.getGrantee(), modifierInfo.getValue(), rightModifier);

    // Bug 100965: a stale domain cache on another server can break cross-server delegated
    // admin right after the grant is created, so the domain entry is flushed everywhere.
    boolean domainTarget = com.zimbra.soap.type.TargetType.domain == targetSel.getType();
    if (domainTarget) {
        TargetBy by = targetSel.getBy();
        boolean flushable = (TargetBy.id == by) || (TargetBy.name == by);
        if (flushable) {
            CacheSelector cacheSel = new CacheSelector(true /* allServers */, CacheEntryType.domain.toString());
            CacheEntryBy entryBy = (TargetBy.id == targetSel.getBy()) ? CacheEntryBy.id : CacheEntryBy.name;
            CacheEntrySelector entrySel = new CacheEntrySelector(entryBy, targetSel.getValue());
            cacheSel.addEntry(entrySel);
            FlushCacheRequest flushReq = new FlushCacheRequest(cacheSel);
            try {
                FlushCache.doFlushCache(this, context, flushReq);
            } catch (ServiceException se) {
                // Best effort: the grant has already been applied, so a failed flush is
                // logged and the request still succeeds.
                ZimbraLog.acl.info("Problem flushing acl cache for domain %s/%s after granting rights", targetSel.getBy(), targetSel.getValue(), se);
            }
        }
    }

    return zsc.createElement(AdminConstants.GRANT_RIGHT_RESPONSE);
}
Also used : CacheSelector(com.zimbra.soap.admin.type.CacheSelector) RightModifierInfo(com.zimbra.soap.admin.type.RightModifierInfo) GrantRightRequest(com.zimbra.soap.admin.message.GrantRightRequest) CacheEntrySelector(com.zimbra.soap.admin.type.CacheEntrySelector) ServiceException(com.zimbra.common.service.ServiceException) ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) RightModifier(com.zimbra.cs.account.accesscontrol.RightModifier) FlushCacheRequest(com.zimbra.soap.admin.message.FlushCacheRequest) TargetBy(com.zimbra.soap.type.TargetBy) EffectiveRightsTargetSelector(com.zimbra.soap.admin.type.EffectiveRightsTargetSelector)

Example 10 with TargetBy

use of com.zimbra.soap.type.TargetBy in project zm-mailbox by Zimbra.

the class GetEffectiveRights method handle.

/**
 * Answers a GetEffectiveRights request: returns the effective rights a grantee has on a target.
 *
 * <p>When the request carries no grantee element, the rights are computed for the account
 * returned by {@code zsc.getRequestedAccountId()}, selected by id. When a grantee element is
 * present, only the user grantee type is accepted (it is also the default).
 *
 * <p>Unless the grantee value equals the account id of the auth token, the caller must pass
 * {@code checkCheckRightRight} for that grantee first. The comparison is made on the raw
 * grantee string whatever {@code granteeBy} is, so a caller that names itself by anything
 * other than its account id also goes through that check.
 *
 * @param request the GetEffectiveRights request element
 * @param context the SOAP request context
 * @return the GetEffectiveRights response
 * @throws ServiceException {@code INVALID_REQUEST} for a grantee type other than user;
 *         failures from parsing, the authorization check or the lookup are propagated
 */
@Override
public Element handle(Element request, Map<String, Object> context) throws ServiceException {
    ZimbraSoapContext zsc = getZimbraSoapContext(context);

    Pair<Boolean, Boolean> expandAttrs = parseExpandAttrs(request);
    boolean expandSetAttrs = expandAttrs.getFirst();
    boolean expandGetAttrs = expandAttrs.getSecond();

    // Target: the selector and value are read only for target types that need an identity.
    Element targetElem = request.getElement(AdminConstants.E_TARGET);
    String targetType = targetElem.getAttribute(AdminConstants.A_TYPE);
    TargetBy targetBy = null;
    String target = null;
    if (TargetType.fromCode(targetType).needsTargetIdentity()) {
        targetBy = TargetBy.fromString(targetElem.getAttribute(AdminConstants.A_BY));
        target = targetElem.getText();
    }

    // Grantee: explicit element if given, otherwise the requested account by id.
    Element granteeElem = request.getOptionalElement(AdminConstants.E_GRANTEE);
    GranteeBy granteeBy;
    String grantee;
    if (granteeElem == null) {
        granteeBy = GranteeBy.id;
        grantee = zsc.getRequestedAccountId();
    } else {
        String granteeTypeCode = granteeElem.getAttribute(AdminConstants.A_TYPE, GranteeType.GT_USER.getCode());
        if (GranteeType.fromCode(granteeTypeCode) != GranteeType.GT_USER) {
            throw ServiceException.INVALID_REQUEST("invalid grantee type " + granteeTypeCode, null);
        }
        granteeBy = GranteeBy.fromString(granteeElem.getAttribute(AdminConstants.A_BY));
        grantee = granteeElem.getText();
    }

    // Reading another account's effective rights requires the right to check them.
    boolean readingOwnRights = grantee.equals(zsc.getAuthtokenAccountId());
    if (!readingOwnRights) {
        checkCheckRightRight(zsc, GranteeType.GT_USER, granteeBy, grantee);
    }

    RightCommand.EffectiveRights er = RightCommand.getEffectiveRights(Provisioning.getInstance(), targetType, targetBy, target, granteeBy, grantee, expandSetAttrs, expandGetAttrs);

    Element resp = zsc.createElement(AdminConstants.GET_EFFECTIVE_RIGHTS_RESPONSE);
    er.toXML_getEffectiveRights(resp);
    return resp;
}
Also used : ZimbraSoapContext(com.zimbra.soap.ZimbraSoapContext) Element(com.zimbra.common.soap.Element) GranteeBy(com.zimbra.soap.admin.type.GranteeSelector.GranteeBy) TargetBy(com.zimbra.soap.type.TargetBy) RightCommand(com.zimbra.cs.account.accesscontrol.RightCommand)

Aggregations

TargetBy (com.zimbra.soap.type.TargetBy)10 GranteeBy (com.zimbra.soap.admin.type.GranteeSelector.GranteeBy)8 Element (com.zimbra.common.soap.Element)5 ZimbraSoapContext (com.zimbra.soap.ZimbraSoapContext)5 RightCommand (com.zimbra.cs.account.accesscontrol.RightCommand)4 Entry (com.zimbra.cs.account.Entry)2 NamedEntry (com.zimbra.cs.account.NamedEntry)2 Provisioning (com.zimbra.cs.account.Provisioning)2 RightModifier (com.zimbra.cs.account.accesscontrol.RightModifier)2 TargetType (com.zimbra.cs.account.accesscontrol.TargetType)2 ServiceException (com.zimbra.common.service.ServiceException)1 AccessManager (com.zimbra.cs.account.AccessManager)1 ViaGrant (com.zimbra.cs.account.AccessManager.ViaGrant)1 Account (com.zimbra.cs.account.Account)1 GuestAccount (com.zimbra.cs.account.GuestAccount)1 MailTarget (com.zimbra.cs.account.MailTarget)1 GranteeType (com.zimbra.cs.account.accesscontrol.GranteeType)1 UserRight (com.zimbra.cs.account.accesscontrol.UserRight)1 LdapProv (com.zimbra.cs.account.ldap.LdapProv)1 FlushCacheRequest (com.zimbra.soap.admin.message.FlushCacheRequest)1