
Example 1 with AccessPrincipal

use of org.bedework.access.AccessPrincipal in project bw-calendar-engine by Bedework.

the class Events method setScheduleState.

/* Flag this as an attendee scheduling object or an organizer scheduling object
   */
/**
 * Decides whether {@code ev} is an organizer or an attendee scheduling object
 * for the current principal and normalises attendee state accordingly.
 *
 * <p>Both flags are cleared first. If the organizer's calendar address
 * resolves to the current principal the event is flagged as an organizer
 * scheduling object; on that path participation statuses supplied for other
 * attendees are reset to NEEDS-ACTION (on add, or for attendees added by this
 * change) and GROUP attendees are expanded into their members. Otherwise the
 * event is flagged as an attendee scheduling object when at least one attendee
 * resolves to the current principal.
 *
 * @param ev the event to inspect and update
 * @param adding true when the event is being added; every other attendee whose
 *        status is not already NEEDS-ACTION is then reset
 * @param schedulingInbox when true the attendee loop is skipped, so no
 *        statuses are reset and no groups are collected for expansion
 * @throws CalFacadeException on failure; any other Throwable raised during
 *         group expansion is wrapped in a CalFacadeException
 */
private void setScheduleState(final BwEvent ev, final boolean adding, final boolean schedulingInbox) throws CalFacadeException {
    // Start from "not a scheduling object"; the flags are only set again below.
    ev.setOrganizerSchedulingObject(false);
    ev.setAttendeeSchedulingObject(false);
    if ((ev.getEntityType() != IcalDefs.entityTypeEvent) && (ev.getEntityType() != IcalDefs.entityTypeTodo) && (ev.getEntityType() != IcalDefs.entityTypeVpoll)) {
        // Not a possible scheduling entity
        return;
    }
    final BwOrganizer org = ev.getOrganizer();
    final Set<BwAttendee> atts = ev.getAttendees();
    // Scheduling needs both an organizer and at least one attendee.
    if (Util.isEmpty(atts) || (org == null)) {
        return;
    }
    final String curPrincipal = getSvc().getPrincipal().getPrincipalRef();
    final Directories dirs = getSvc().getDirectories();
    // Identity is compared on principal refs resolved through the directory,
    // not on the raw calendar-address strings carried by the event.
    AccessPrincipal evPrincipal = dirs.caladdrToPrincipal(org.getOrganizerUri());
    if ((evPrincipal != null) && (evPrincipal.getPrincipalRef().equals(curPrincipal))) {
        // The current principal is the organizer.
        ev.setOrganizerSchedulingObject(true);
        /* If we are expanding groups do so here */
        final ChangeTable chg = ev.getChangeset(getPrincipalHref());
        // Group attendees found in the loop below; stays empty when
        // schedulingInbox is true because the loop is skipped.
        final Set<BwAttendee> groups = new TreeSet<>();
        if (!schedulingInbox) {
            final ChangeTableEntry cte = chg.getEntry(PropertyInfoIndex.ATTENDEE);
            checkAttendees: for (final BwAttendee att : atts) {
                if (CuType.GROUP.getValue().equals(att.getCuType())) {
                    groups.add(att);
                }
                final AccessPrincipal attPrincipal = getSvc().getDirectories().caladdrToPrincipal(att.getAttendeeUri());
                if ((attPrincipal != null) && (attPrincipal.getPrincipalRef().equals(curPrincipal))) {
                    // It's us - the organizer's own status is left as supplied
                    continue;
                }
                // NOTE(review): getPartstat() is dereferenced without a null
                // check - confirm it cannot return null for an attendee that
                // carries no PARTSTAT.
                if (att.getPartstat().equals(IcalDefs.partstatValNeedsAction)) {
                    continue;
                }
                if (adding) {
                    // Can't add an event with attendees set to accepted: the
                    // organizer-supplied status for another attendee is not
                    // trusted on creation.
                    att.setPartstat(IcalDefs.partstatValNeedsAction);
                    continue;
                }
                // Not adding event. Did we add attendee?
                // NOTE(review): the added attendee is matched on CN only, not
                // on the attendee URI, and getCn() is dereferenced without a
                // null check. An added attendee whose CN differs from every
                // recorded added value keeps its supplied status - confirm
                // that CN is the intended key here.
                if ((cte != null) && !Util.isEmpty(cte.getAddedValues())) {
                    for (final Object o : cte.getAddedValues()) {
                        final BwAttendee chgAtt = (BwAttendee) o;
                        if (chgAtt.getCn().equals(att.getCn())) {
                            att.setPartstat(IcalDefs.partstatValNeedsAction);
                            continue checkAttendees;
                        }
                    }
                }
            }
        }
        try {
            /* If this is a vpoll we need the vvoters as we are going to
             * have to remove the group vvoter entry and clone it for the
             * attendees we add.
             *
             * I think this will work for any poll mode - if not we may
             * have to rethink this approach.
             */
            Map<String, VVoter> voters = null;
            final boolean vpoll;
            if (ev.getEntityType() == IcalDefs.entityTypeVpoll) {
                voters = IcalUtil.parseVpollVvoters(ev);
                // We'll add them all back
                ev.clearVvoters();
                vpoll = true;
            } else {
                vpoll = false;
            }
            for (final BwAttendee att : groups) {
                /* If the group is in one of our domains we can try to expand it.
                 * We should leave it if it's an external id.
                 */
                // NOTE(review): trunc is passed to find() but never read
                // afterwards, so a truncated result is not detected here.
                final Holder<Boolean> trunc = new Holder<>();
                final List<BwPrincipalInfo> groupPis = dirs.find(att.getAttendeeUri(), att.getCuType(), // expand
                true, trunc);
                // Expand only on exactly one directory match; with none or
                // several the group attendee is left untouched.
                if ((groupPis == null) || (groupPis.size() != 1)) {
                    continue;
                }
                final BwPrincipalInfo pi = groupPis.get(0);
                if (pi.getMembers() == null) {
                    continue;
                }
                VVoter groupVvoter = null;
                Voter groupVoter = null;
                PropertyList pl = null;
                if (vpoll) {
                    // The parsed vvoters are looked up by attendee URI.
                    groupVvoter = voters.get(att.getAttendeeUri());
                    if (groupVvoter == null) {
                        if (debug) {
                            warn("No vvoter found for " + att.getAttendeeUri());
                        }
                        // Without a vvoter the group is left unexpanded.
                        continue;
                    }
                    // Taken out so that it is not re-added as a "remaining"
                    // vvoter after the loop.
                    voters.remove(att.getAttendeeUri());
                    groupVoter = groupVvoter.getVoter();
                    pl = groupVvoter.getProperties();
                }
                // Remove the group
                ev.removeAttendee(att);
                chg.changed(PropertyInfoIndex.ATTENDEE, att, null);
                for (final BwPrincipalInfo mbrPi : pi.getMembers()) {
                    // Members without a calendar address are skipped.
                    if (mbrPi.getCaladruri() == null) {
                        continue;
                    }
                    // Each member becomes its own attendee, with MEMBER set
                    // to the URI of the group it came from. No participation
                    // status is set on the new attendee here.
                    final BwAttendee mbrAtt = new BwAttendee();
                    mbrAtt.setType(att.getType());
                    mbrAtt.setAttendeeUri(mbrPi.getCaladruri());
                    mbrAtt.setCn(mbrPi.getEmail());
                    mbrAtt.setCuType(mbrPi.getKind());
                    mbrAtt.setMember(att.getAttendeeUri());
                    ev.addAttendee(mbrAtt);
                    chg.addValue(PropertyInfoIndex.ATTENDEE, mbrAtt);
                    if (vpoll) {
                        // Reuse the group's vvoter: swap its voter property
                        // for this member's and store the serialised form.
                        pl.remove(groupVoter);
                        groupVoter = IcalUtil.setVoter(mbrAtt);
                        pl.add(groupVoter);
                        ev.addVvoter(groupVvoter.toString());
                    }
                }
            }
            if (vpoll) {
                // Add back any remaining vvoters
                for (VVoter vv : voters.values()) {
                    ev.addVvoter(vv.toString());
                }
            }
        } catch (final CalFacadeException cfe) {
            throw cfe;
        } catch (final Throwable t) {
            // Everything else, Errors included, is wrapped.
            throw new CalFacadeException(t);
        }
        if (ev instanceof BwEventProxy) {
            // Only add x-property to master
            return;
        }
        // The client id from the request parameters selects the
        // scheduling-assistant marker.
        if (CalFacadeDefs.jasigSchedulingAssistant.equals(getPars().getClientId())) {
            ev.addXproperty(new BwXproperty(BwXproperty.bedeworkSchedAssist, null, "true"));
        }
        return;
    }
    // Not the organizer: the event is an attendee scheduling object if any
    // attendee address resolves to the current principal.
    for (final BwAttendee att : atts) {
        /* See if at least one attendee is us */
        evPrincipal = getSvc().getDirectories().caladdrToPrincipal(att.getAttendeeUri());
        if ((evPrincipal != null) && (evPrincipal.getPrincipalRef().equals(curPrincipal))) {
            ev.setAttendeeSchedulingObject(true);
            break;
        }
    }
}
Also used : VVoter(net.fortuna.ical4j.model.component.VVoter) Holder(javax.xml.ws.Holder) BwEventProxy(org.bedework.calfacade.BwEventProxy) AccessPrincipal(org.bedework.access.AccessPrincipal) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) Directories(org.bedework.calfacade.ifs.Directories) PropertyList(net.fortuna.ical4j.model.PropertyList) BwXproperty(org.bedework.calfacade.BwXproperty) ChangeTable(org.bedework.calfacade.util.ChangeTable) TreeSet(java.util.TreeSet) Voter(net.fortuna.ical4j.model.property.Voter) VVoter(net.fortuna.ical4j.model.component.VVoter) ChangeTableEntry(org.bedework.calfacade.util.ChangeTableEntry) BwAttendee(org.bedework.calfacade.BwAttendee) BwPrincipalInfo(org.bedework.calfacade.BwPrincipalInfo) BwOrganizer(org.bedework.calfacade.BwOrganizer)

Example 2 with AccessPrincipal

use of org.bedework.access.AccessPrincipal in project bw-calendar-engine by Bedework.

the class AccessUtil method checkAccess.

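/**
 * Evaluates the current principal's access to {@code ent}.
 *
 * <p>A result cached on a {@link CalendarWrapper} for the same
 * {@code desiredAccess} is returned without re-evaluation. Otherwise the
 * owner is looked up, the privilege ceiling is derived, the entity's merged
 * ACL is evaluated, and a superuser is forced to "allowed" at the end. Both
 * failure modes of the lookup (unknown owner, missing ACL) deny access.
 *
 * @param ent entity to check; {@code null} yields {@code null}
 * @param desiredAccess privilege being requested ({@code privAny},
 *        {@code privRead}, {@code privWrite} or another privilege value)
 * @param alwaysReturnResult when false a denial is reported by throwing
 *        instead of returning a result with access not allowed
 * @return the evaluated access, or {@code null} when {@code ent} is null
 * @throws CalFacadeAccessException when access is denied and
 *         {@code alwaysReturnResult} is false
 * @throws CalFacadeException wrapping any other failure during evaluation
 */
@Override
public CurrentAccess checkAccess(final BwShareableDbentity<?> ent, final int desiredAccess, final boolean alwaysReturnResult) throws CalFacadeException {
    if (ent == null) {
        return null;
    }
    if (ent instanceof CalendarWrapper) {
        final CalendarWrapper col = (CalendarWrapper) ent;
        // NOTE(review): the cached decision is keyed by desiredAccess on the
        // wrapper only - confirm a wrapper is never shared between principals.
        final CurrentAccess ca = col.getCurrentAccess(desiredAccess);
        if (ca != null) {
            if (debug) {
                // The principal may be null (see the superuser check below),
                // so it is not dereferenced blindly just to build a log line.
                final AccessPrincipal who = cb.getPrincipal();
                debug("Access " + desiredAccess + " already checked for " + ((who == null) ? null : who.getPrincipalRef()) + " and allowed=" + ca.getAccessAllowed());
            }
            if (!ca.getAccessAllowed() && !alwaysReturnResult) {
                throw new CalFacadeAccessException();
            }
            return ca;
        }
    }
    if (debug) {
        final String cname = ent.getClass().getName();
        final String ident;
        if (ent instanceof BwCalendar) {
            ident = ((BwCalendar) ent).getPath();
        } else {
            ident = String.valueOf(ent.getId());
        }
        final AccessPrincipal who = cb.getPrincipal();
        debug("Check access by " + ((who == null) ? null : who.getPrincipalRef()) + " for object " + cname.substring(cname.lastIndexOf(".") + 1) + " ident=" + ident + " desiredAccess = " + desiredAccess);
    }
    try {
        final long startTime = System.currentTimeMillis();
        CurrentAccess ca = null;
        final AccessPrincipal owner = cb.getPrincipal(ent.getOwnerHref());
        if (debug) {
            debug("After getPrincipal - took: " + (System.currentTimeMillis() - startTime));
        }
        if (owner == null) {
            // Fail closed: an entity whose owner cannot be resolved is denied.
            error("Principal(owner) " + ent.getOwnerHref() + " does not exist");
            if (!alwaysReturnResult) {
                throw new CalFacadeAccessException();
            }
            return new CurrentAccess(false);
        }
        PrivilegeSet maxPrivs = null;
        char[] aclChars = null;
        if (ent instanceof BwCalendar) {
            final BwCalendar cal = (BwCalendar) ent;
            final String path = cal.getPath();
            /* An earlier version granted superusers default owner privileges
             * on the user root and on user home collections at this point.
             * That was judged wrong: a superuser should see the real computed
             * access, and is allowed access anyway by the override further
             * down. Only non-superusers are special-cased now.
             */
            if (!cb.getSuperUser()) {
                if (cb.getUserHomePath().equals(path)) {
                    // User home root: fixed non-owner access, no ACL lookup.
                    // NOTE(review): this is a shared static instance and it is
                    // handed to setCurrentAccess below - confirm it is never
                    // mutated.
                    ca = Acl.defaultNonOwnerAccess;
                } else if (path.equals(Util.buildPath(colPathEndsWithSlash, cb.getUserHomePath(), "/", owner.getAccount()))) {
                    // Accessing user home directory
                    // Set the maximum access
                    maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
                }
            }
        }
        // Combine the per-path ceiling with the ceiling from the callback;
        // when both exist the result is filtered by the callback's set.
        if (maxPrivs == null) {
            maxPrivs = cb.getMaximumAllowedPrivs();
        } else if (cb.getMaximumAllowedPrivs() != null) {
            maxPrivs = PrivilegeSet.filterPrivileges(maxPrivs, cb.getMaximumAllowedPrivs());
        }
        if (ca == null) {
            /* Not special. getAclChars provides merged access for the current
             * entity.
             */
            aclChars = getAclChars(ent);
            if (aclChars == null) {
                // Fail closed: no ACL means no access.
                error("Unable to fetch aclchars for " + ent);
                if (!alwaysReturnResult) {
                    throw new CalFacadeAccessException();
                }
                return new CurrentAccess(false);
            }
            if (debug) {
                debug("aclChars = " + new String(aclChars));
            }
            if (desiredAccess == privAny) {
                ca = access.checkAny(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
            } else if (desiredAccess == privRead) {
                ca = access.checkRead(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
            } else if (desiredAccess == privWrite) {
                ca = access.checkReadWrite(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
            } else {
                ca = access.evaluateAccess(cb, cb.getPrincipal(), owner, desiredAccess, aclChars, maxPrivs);
            }
        }
        if ((cb.getPrincipal() != null) && cb.getSuperUser()) {
            /* Override rather than just create a readable access as code further
             * up expects a valid filled in object.
             */
            if (debug && !ca.getAccessAllowed()) {
                debug("Override for superuser");
            }
            ca = Acl.forceAccessAllowed(ca);
        }
        if (ent instanceof CalendarWrapper) {
            // Cache the final decision, superuser override included.
            final CalendarWrapper col = (CalendarWrapper) ent;
            col.setCurrentAccess(ca, desiredAccess);
        }
        if (debug) {
            debug("access allowed: " + ca.getAccessAllowed());
        }
        if (!ca.getAccessAllowed() && !alwaysReturnResult) {
            throw new CalFacadeAccessException();
        }
        return ca;
    } catch (final CalFacadeException cfe) {
        throw cfe;
    } catch (final Throwable t) {
        // An unexpected failure during evaluation surfaces as an exception,
        // never as a granted result.
        throw new CalFacadeException(t);
    }
}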
Also used : PrivilegeSet(org.bedework.access.PrivilegeSet) CurrentAccess(org.bedework.access.Acl.CurrentAccess) CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper) BwCalendar(org.bedework.calfacade.BwCalendar) CalFacadeAccessException(org.bedework.calfacade.exc.CalFacadeAccessException) AccessPrincipal(org.bedework.access.AccessPrincipal) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)

Example 3 with AccessPrincipal

use of org.bedework.access.AccessPrincipal in project bw-calendar-engine by Bedework.

the class AbstractDirImpl method uriToCaladdr.

/* (non-Javadoc)
   * @see org.bedework.calfacade.ifs.Directories#uriToCaladdr(java.lang.String)
   */
/**
 * Converts a principal href, account name or address into a calendar address.
 *
 * <p>A principal href goes straight through {@code userToCaladdr}. A value
 * with a scheme (a ':' after the first character) must have its '@' after the
 * ':' and is returned unchanged; a schemeless value containing '@' gets a
 * {@code mailto:} prefix. Schemeless values are finally passed through
 * {@code userToCaladdr}.
 *
 * @param val principal href, account or address; not checked for null before
 *        it is searched for ':' and '@'
 * @return the calendar address, or {@code null} when a scheme is present
 *         without a following '@', or when the value maps to a principal
 *         that {@code validPrincipal} rejects
 * @throws CalFacadeException declared by the interface method this overrides
 */
@Override
public String uriToCaladdr(final String val) throws CalFacadeException {
    if (isPrincipal(val)) {
        // Principal hrefs are converted directly.
        return userToCaladdr(val);
    }
    final int schemeEnd = val.indexOf(":");
    final int atSign = val.indexOf("@");
    /* Something like mailto:somebody@somewhere.com, scheduleto:, etc. is
       not an internal Bedework account. */
    final boolean hasScheme = schemeEnd > 0;
    if (hasScheme && (atSign < schemeEnd)) {
        // Scheme without an '@' after it: rejected
        return null;
    }
    final String candidate;
    if (!hasScheme && (atSign > 0)) {
        candidate = "mailto:" + val;
    } else {
        candidate = val;
    }
    // An address that maps to a principal must map to a valid one. An address
    // that maps to no principal at all is passed on unchanged.
    final AccessPrincipal resolved = caladdrToPrincipal(candidate);
    if (resolved != null) {
        if (!validPrincipal(resolved.getPrincipalRef())) {
            // Possible bedework user but not valid
            return null;
        }
    }
    return hasScheme ? candidate : userToCaladdr(candidate);
}
Also used : AccessPrincipal(org.bedework.access.AccessPrincipal)

Example 4 with AccessPrincipal

use of org.bedework.access.AccessPrincipal in project bw-calendar-engine by Bedework.

the class BwSysIntfImpl method getFreeBusy.

/* (non-Javadoc)
   * @see org.bedework.caldav.server.sysinterface.SysIntf#getFreeBusy(org.bedework.caldav.server.CalDAVCollection, int, org.bedework.caldav.util.TimeRange)
   */
/**
 * Builds a free/busy event for a collection over a time range.
 *
 * <p>The request is refused with {@link WebdavForbidden} when the collection's
 * info does not allow free/busy. A calendar collection is used by itself; any
 * other collection contributes its children (calendar collections only at
 * depth 1, all children at greater depth, none at depth 0). With no source
 * collections an empty free/busy object covering the range is returned.
 *
 * @param col collection the report is requested on; its owner becomes the
 *        organizer of the result
 * @param depth request depth
 * @param timeRange start and end of the period
 * @return the free/busy information wrapped as a CalDAV event
 * @throws WebdavException on refusal, or wrapping any other failure
 */
@Override
public CalDAVEvent getFreeBusy(final CalDAVCollection col, final int depth, final TimeRange timeRange) throws WebdavException {
    try {
        final BwCalendar target = unwrap(col);
        final int targetType = target.getCalType();
        // Gate on the collection's own setting before any data is gathered.
        if (!target.getCollectionInfo().allowFreeBusy) {
            throw new WebdavForbidden(WebdavTags.supportedReport);
        }
        final Collection<BwCalendar> sources = new ArrayList<BwCalendar>();
        if (targetType == BwCalendar.calTypeCalendarCollection) {
            sources.add(target);
        } else if (depth != 0) {
            // Depth 0 on a non-calendar collection cannot return anything.
            for (final BwCalendar child : getSvci().getCalendarsHandler().getChildren(target)) {
                // For depth 1 we only add calendar collections
                final boolean wanted = (depth > 1) || (child.getCalType() == BwCalendar.calTypeCalendarCollection);
                if (wanted) {
                    sources.add(child);
                }
            }
        }
        // The organizer address is derived from the collection owner; an
        // owner that is not a BwPrincipal is rebuilt from its account name.
        final AccessPrincipal owner = col.getOwner();
        final BwPrincipal ownerPrincipal;
        if (owner instanceof BwPrincipal) {
            ownerPrincipal = (BwPrincipal) owner;
        } else {
            ownerPrincipal = BwPrincipal.makeUserPrincipal();
            ownerPrincipal.setAccount(owner.getAccount());
        }
        final String orgUri = getSvci().getDirectories().principalToCaladdr(ownerPrincipal);
        final BwOrganizer organizer = new BwOrganizer();
        organizer.setOrganizerUri(orgUri);
        final BwEvent freeBusy;
        if (!sources.isEmpty()) {
            // The scheduler is called with the requesting principal
            // (currentPrincipal), not with the collection owner.
            freeBusy = getSvci().getScheduler().getFreeBusy(sources, (BwPrincipal) currentPrincipal, getBwDt(timeRange.getStart()), getBwDt(timeRange.getEnd()), organizer, // uid
            null, null);
        } else {
            // Return an empty object
            freeBusy = new BwEventObj();
            freeBusy.setEntityType(IcalDefs.entityTypeFreeAndBusy);
            freeBusy.setDtstart(getBwDt(timeRange.getStart()));
            freeBusy.setDtend(getBwDt(timeRange.getEnd()));
        }
        return new BwCalDAVEvent(this, new EventInfo(freeBusy));
    } catch (CalFacadeException cfe) {
        throw new WebdavException(cfe);
    } catch (WebdavException wde) {
        throw wde;
    } catch (Throwable t) {
        // Includes a null owner or a failed cast above: both end up here.
        throw new WebdavException(t);
    }
}
Also used : EventInfo(org.bedework.calfacade.svc.EventInfo) WebdavForbidden(org.bedework.webdav.servlet.shared.WebdavForbidden) ArrayList(java.util.ArrayList) WebdavException(org.bedework.webdav.servlet.shared.WebdavException) BwEvent(org.bedework.calfacade.BwEvent) BwCalendar(org.bedework.calfacade.BwCalendar) AccessPrincipal(org.bedework.access.AccessPrincipal) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) BwEventObj(org.bedework.calfacade.BwEventObj) BwOrganizer(org.bedework.calfacade.BwOrganizer)

Aggregations

AccessPrincipal (org.bedework.access.AccessPrincipal)4 CalFacadeException (org.bedework.calfacade.exc.CalFacadeException)3 BwCalendar (org.bedework.calfacade.BwCalendar)2 BwOrganizer (org.bedework.calfacade.BwOrganizer)2 ArrayList (java.util.ArrayList)1 TreeSet (java.util.TreeSet)1 Holder (javax.xml.ws.Holder)1 PropertyList (net.fortuna.ical4j.model.PropertyList)1 VVoter (net.fortuna.ical4j.model.component.VVoter)1 Voter (net.fortuna.ical4j.model.property.Voter)1 CurrentAccess (org.bedework.access.Acl.CurrentAccess)1 PrivilegeSet (org.bedework.access.PrivilegeSet)1 BwAttendee (org.bedework.calfacade.BwAttendee)1 BwEvent (org.bedework.calfacade.BwEvent)1 BwEventObj (org.bedework.calfacade.BwEventObj)1 BwEventProxy (org.bedework.calfacade.BwEventProxy)1 BwPrincipal (org.bedework.calfacade.BwPrincipal)1 BwPrincipalInfo (org.bedework.calfacade.BwPrincipalInfo)1 BwXproperty (org.bedework.calfacade.BwXproperty)1 CalFacadeAccessException (org.bedework.calfacade.exc.CalFacadeAccessException)1