/**
 * Reads the ACL of {@code path} and hands every one of its entries to
 * {@code updateLookupRight} for each ancestor returned by {@code listAncestors}.
 *
 * <p>All entries of the ACL are forwarded, not only those carrying Lookup;
 * any filtering on the right or on the key type must happen in
 * {@code updateLookupRight} (not visible here — confirm).
 *
 * @param session session used for the rights lookup and forwarded to the update
 * @param path mailbox whose ACL is propagated to its ancestors
 * @throws RuntimeException wrapping the {@link MailboxException} raised inside the try block
 */
private void updateLookupRightOnParent(MailboxSession session, MailboxPath path) {
    try {
        MailboxACL currentAcl = rightManager.listRights(path, session);
        listAncestors(session, path).forEach(ancestorPath -> {
            // The entry stream is rebuilt for every ancestor: a stream can be consumed only once.
            updateLookupRight(
                session,
                ancestorPath,
                currentAcl.getEntries()
                    .entrySet()
                    .stream()
                    .map(rightsByKey -> new Entry(rightsByKey.getKey(), rightsByKey.getValue())));
        });
    } catch (MailboxException e) {
        throw new RuntimeException(e);
    }
}
/**
 * Adds the Lookup right for the key of {@code entry} on {@code mailboxPath}.
 *
 * <p>Only the key of the entry is used; the rights it carries are ignored and
 * exactly {@code Right.Lookup} is added.
 *
 * @param session session on whose behalf the rights command is applied
 * @param mailboxPath mailbox receiving the additional Lookup right
 * @param entry ACL entry whose key identifies the grantee
 */
private void applyLookupRight(MailboxSession session, MailboxPath mailboxPath, Entry entry) {
    try {
        rightManager.applyRightsCommand(
            mailboxPath,
            MailboxACL.command()
                .rights(Right.Lookup)
                .key(entry.getKey())
                .asAddition(),
            session);
    } catch (MailboxException e) {
        // Best effort: the failure is logged and not rethrown, so the caller cannot
        // tell that this mailbox did not receive the Lookup right.
        // NOTE(review): the message assumes a missing mailbox, but every
        // MailboxException from applyRightsCommand ends up here — confirm the wording.
        String userName = session.getUser().getUserName();
        String message = String.format("Mailbox '%s' does not exist, user '%s' cannot share mailbox",
            mailboxPath, userName);
        LOGGER.error(message, e);
    }
}
// closes the enclosing class, whose header is outside this listing
}
/**
 * Builds the entry keys, the global-ACL resolvers and the per-mailbox ACL
 * fixtures used by the resolver tests.
 *
 * <p>Each resolver receives the same rights for both of its constructor
 * arguments. Every "...Negative" fixture uses a negative key, either a
 * predefined {@code *_NEGATIVE_KEY} constant or a key created with the
 * boolean flag set to {@code true} (presumably the "negative" marker — confirm).
 */
@Before
public void setUp() throws Exception {
    user1Key = EntryKey.createUserEntryKey(USER_1);
    user2Key = EntryKey.createUserEntryKey(USER_2);
    group1Key = EntryKey.createGroupEntryKey(GROUP_1);
    group2Key = EntryKey.createGroupEntryKey(GROUP_2);

    // --- global ACL resolvers -------------------------------------------------
    // NOTE(review): the field is named "ReadListWrite" but the entry grants FULL_RIGHTS.
    MailboxACL authenticatedFullAcl =
        new MailboxACL(new Entry(MailboxACL.AUTHENTICATED_KEY, MailboxACL.FULL_RIGHTS));
    authenticatedReadListWriteGlobal = new UnionMailboxACLResolver(authenticatedFullAcl, authenticatedFullAcl);

    MailboxACL anybodyReadListAcl =
        new MailboxACL(new Entry(MailboxACL.ANYBODY_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("rl")));
    anyoneReadListGlobal = new UnionMailboxACLResolver(anybodyReadListAcl, anybodyReadListAcl);

    MailboxACL ownerFullAcl =
        new MailboxACL(new Entry(MailboxACL.OWNER_KEY, MailboxACL.FULL_RIGHTS));
    ownerFullGlobal = new UnionMailboxACLResolver(ownerFullAcl, ownerFullAcl);

    noGlobals = new UnionMailboxACLResolver(MailboxACL.EMPTY, MailboxACL.EMPTY);

    // Two separately constructed but equal ACLs, exactly as the resolver is fed here.
    MailboxACL negativeGroup2FirstAcl =
        new MailboxACL(new Entry(new EntryKey(GROUP_2, NameType.group, true), MailboxACL.FULL_RIGHTS));
    MailboxACL negativeGroup2SecondAcl =
        new MailboxACL(new Entry(new EntryKey(GROUP_2, NameType.group, true), MailboxACL.FULL_RIGHTS));
    negativeGroup2FullGlobal = new UnionMailboxACLResolver(negativeGroup2FirstAcl, negativeGroup2SecondAcl);

    // --- group membership: USER_1 in GROUP_1, USER_2 in GROUP_2 ----------------
    groupMembershipResolver = new SimpleGroupMembershipResolver();
    groupMembershipResolver.addMembership(GROUP_1, USER_1);
    groupMembershipResolver.addMembership(GROUP_2, USER_2);

    // --- per-mailbox ACLs: the "r" right, positive and negative, per key kind ---
    user1Read = new MailboxACL(
        new Entry(user1Key, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    user1ReadNegative = new MailboxACL(
        new Entry(EntryKey.createUserEntryKey(USER_1, true), Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    group1Read = new MailboxACL(
        new Entry(group1Key, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    group1ReadNegative = new MailboxACL(
        new Entry(EntryKey.createGroupEntryKey(GROUP_1, true), Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    anybodyRead = new MailboxACL(
        new Entry(MailboxACL.ANYBODY_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    anybodyReadNegative = new MailboxACL(
        new Entry(MailboxACL.ANYBODY_NEGATIVE_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    authenticatedRead = new MailboxACL(
        new Entry(MailboxACL.AUTHENTICATED_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    authenticatedReadNegative = new MailboxACL(
        new Entry(MailboxACL.AUTHENTICATED_NEGATIVE_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    ownerRead = new MailboxACL(
        new Entry(MailboxACL.OWNER_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    ownerReadNegative = new MailboxACL(
        new Entry(MailboxACL.OWNER_NEGATIVE_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
}
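/**
 * Replacing the grand-child mailbox ACL with a Lookup-only entry must add the
 * Lookup entry to every ancestor, not only to the top-level parent.
 */
@Test
public void eventShouldUpdateAllParentWhenMailboxACLUpdateLookupRight() throws Exception {
    // Seed the starting ACL (Write only) through the mapper rather than the right manager.
    Mailbox grandChildMailbox = mailboxMapper.getMailboxMapper(mailboxSession).findMailboxById(grandChildMailboxId);
    mailboxMapper.getMailboxMapper(mailboxSession).setACL(grandChildMailbox, new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Write))));

    storeRightManager.setRights(
        GRAND_CHILD_MAILBOX,
        new MailboxACL(
            new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Lookup))),
        mailboxSession);

    MailboxACL actualParentACL = storeMailboxManager.getMailbox(parentMailboxId, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    // Fixed: this lookup used parentMailboxId a second time, so the intermediate
    // mailbox was never checked and a listener that skipped it would still pass.
    // The rename variant of this test checks parentMailboxId1 and childMailboxId1
    // in the same way. NOTE(review): assumes childMailboxId is the mailbox between
    // the parent and GRAND_CHILD_MAILBOX — confirm against the path constants.
    MailboxACL actualChildACL = storeMailboxManager.getMailbox(childMailboxId, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    assertThat(actualParentACL.getEntries())
        .contains(lookupEntry);
    assertThat(actualChildACL.getEntries())
        .contains(lookupEntry);
}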
/**
 * Removing Lookup from the grand-child mailbox must not create an entry for
 * the shared user on the parent mailbox.
 */
@Test
public void eventShouldDoNothingWhenMailboxACLRemoveLookupRight() throws Exception {
    // Starting point: the shared user holds Write and Lookup on the grand-child.
    MailboxACL writeAndLookup = new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Write, Right.Lookup)));
    Mailbox sharedMailbox = mailboxMapper.getMailboxMapper(mailboxSession).findMailboxById(grandChildMailboxId);
    mailboxMapper.getMailboxMapper(mailboxSession).setACL(sharedMailbox, writeAndLookup);

    storeRightManager.applyRightsCommand(
        GRAND_CHILD_MAILBOX,
        MailboxACL.command()
            .key(SHARED_USER_KEY)
            .rights(Right.Lookup)
            .asRemoval(),
        mailboxSession);

    MailboxACL parentAcl = storeMailboxManager.getMailbox(parentMailboxId, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    // A removal must never leave the shared user with rights on the parent.
    assertThat(parentAcl.getEntries())
        .doesNotContainKeys(SHARED_USER_KEY);
}
/**
 * Adding Lookup again when the shared user already holds it leaves the ACL
 * unchanged, so the parent mailbox must not receive an entry for that user.
 */
@Test
public void eventShouldDoNothingWhenNewACLIsTheSameAsTheOldOne() throws Exception {
    // Starting point: the shared user already holds Lookup on the grand-child.
    MailboxACL lookupOnly = new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Lookup)));
    Mailbox sharedMailbox = mailboxMapper.getMailboxMapper(mailboxSession).findMailboxById(grandChildMailboxId);
    mailboxMapper.getMailboxMapper(mailboxSession).setACL(sharedMailbox, lookupOnly);

    // Adding the right that is already present.
    storeRightManager.applyRightsCommand(
        GRAND_CHILD_MAILBOX,
        MailboxACL.command()
            .key(SHARED_USER_KEY)
            .rights(Right.Lookup)
            .asAddition(),
        mailboxSession);

    MailboxACL parentAcl = storeMailboxManager.getMailbox(parentMailboxId, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    assertThat(parentAcl.getEntries())
        .doesNotContainKeys(SHARED_USER_KEY);
}
/**
 * Renaming a mailbox whose ACL carries Lookup for the shared user must add
 * the Lookup entry to both mailboxes checked under the new location
 * ({@code parentMailboxId1} and {@code childMailboxId1}).
 */
@Test
public void eventShouldUpdateAllNewParentWhenRenameMailboxWhichContainLookupRight() throws Exception {
    MailboxACL writeAndLookup = new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Write, Right.Lookup)));
    Mailbox mailboxToMove = mailboxMapper.getMailboxMapper(mailboxSession).findMailboxById(grandChildMailboxId);
    mailboxMapper.getMailboxMapper(mailboxSession).setACL(mailboxToMove, writeAndLookup);

    MailboxPath destination = MailboxPath.forUser(OWNER_USER, "shared1.sub1.sub2");
    storeMailboxManager.renameMailbox(GRAND_CHILD_MAILBOX, destination, mailboxSession);

    MailboxACL newParentAcl = storeMailboxManager.getMailbox(parentMailboxId1, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();
    MailboxACL newChildAcl = storeMailboxManager.getMailbox(childMailboxId1, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    assertThat(newParentAcl.getEntries())
        .contains(lookupEntry);
    assertThat(newChildAcl.getEntries())
        .contains(lookupEntry);
}
/**
 * Wires an in-memory mailbox manager, registers the listener under test as a
 * global listener and creates the mailbox fixtures the tests read back.
 *
 * <p>The listener is registered before any mailbox is created, and the
 * mailboxes are created in the order parent, parent1, child, child1, grand-child.
 */
@Before
public void setup() throws Exception {
    GroupMembershipResolver membershipResolver = new SimpleGroupMembershipResolver();
    InMemoryIntegrationResources resourceFactory = new InMemoryIntegrationResources();
    InMemoryIntegrationResources.Resources inMemoryResources = resourceFactory.createResources(membershipResolver);

    storeMailboxManager = inMemoryResources.getMailboxManager();
    storeRightManager = inMemoryResources.getStoreRightManager();
    mailboxMapper = storeMailboxManager.getMapperFactory();

    testee = new PropagateLookupRightListener(storeRightManager);
    storeMailboxManager.addGlobalListener(testee, mailboxSession);

    parentMailboxId = storeMailboxManager.createMailbox(PARENT_MAILBOX, mailboxSession).get();
    parentMailboxId1 = storeMailboxManager.createMailbox(PARENT_MAILBOX1, mailboxSession).get();
    childMailboxId = storeMailboxManager.createMailbox(CHILD_MAILBOX, mailboxSession).get();
    childMailboxId1 = storeMailboxManager.createMailbox(CHILD_MAILBOX1, mailboxSession).get();
    grandChildMailboxId = storeMailboxManager.createMailbox(GRAND_CHILD_MAILBOX, mailboxSession).get();

    // Expected propagated entry: the shared user with the serialized right "l".
    lookupEntry = new Entry(SHARED_USER, "l");
}
/**
 * Replacing the grand-child ACL with a Lookup-only entry must leave the parent
 * mailbox with exactly two ACL entries, one of which is the Lookup entry.
 */
@Test
public void eventShouldUpdateParentWhenMailboxACLUpdateLookupRight() throws Exception {
    // Starting point: the shared user holds only Write on the grand-child.
    MailboxACL writeOnly = new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Write)));
    Mailbox sharedMailbox = mailboxMapper.getMailboxMapper(mailboxSession).findMailboxById(grandChildMailboxId);
    mailboxMapper.getMailboxMapper(mailboxSession).setACL(sharedMailbox, writeOnly);

    MailboxACL lookupOnly = new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Lookup)));
    storeRightManager.setRights(GRAND_CHILD_MAILBOX, lookupOnly, mailboxSession);

    MailboxACL parentAcl = storeMailboxManager.getMailbox(parentMailboxId, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    // The size check pins that propagation adds nothing besides the Lookup entry;
    // the second entry is presumably the one present since creation — confirm.
    assertThat(parentAcl.getEntries())
        .hasSize(2)
        .contains(lookupEntry);
}
/**
 * When the same key maps to different rights in the old and new ACL,
 * {@code changedEntries()} must yield that key with its new rights only.
 */
@Test
public void changedEntriesShouldReturnEntryWhenChangedEntry() throws Exception {
    MailboxACL before = MailboxACL.EMPTY.apply(
        MailboxACL.command()
            .key(ENTRY_KEY)
            .rights(MailboxACL.Right.Administer)
            .asAddition());
    MailboxACL after = MailboxACL.EMPTY.apply(
        MailboxACL.command()
            .key(ENTRY_KEY)
            .rights(MailboxACL.Right.Lookup)
            .asAddition());

    ACLDiff diff = ACLDiff.computeDiff(before, after);

    // The reported entry carries the new rights (Lookup), not the old ones (Administer).
    assertThat(diff.changedEntries())
        .containsOnly(new MailboxACL.Entry(ENTRY_KEY, new MailboxACL.Rfc4314Rights(MailboxACL.Right.Lookup)));
}
/**
 * When a user key maps to different rights in the old and new ACL,
 * {@code PositiveUserACLDiff.changedEntries()} must yield that key with its
 * new rights only.
 */
@Test
public void changedEntriesShouldReturnEntryWhenChangedEntry() throws Exception {
    MailboxACL before = MailboxACL.EMPTY.apply(
        MailboxACL.command()
            .key(USER_ENTRY_KEY)
            .rights(Right.Administer)
            .asAddition());
    MailboxACL after = MailboxACL.EMPTY.apply(
        MailboxACL.command()
            .key(USER_ENTRY_KEY)
            .rights(Right.Lookup)
            .asAddition());

    PositiveUserACLDiff diff = PositiveUserACLDiff.computeDiff(before, after);

    // The reported entry carries the new rights (Lookup), not the old ones (Administer).
    assertThat(diff.changedEntries())
        .containsOnly(new Entry(USER_ENTRY_KEY, new Rfc4314Rights(MailboxACL.Right.Lookup)));
}
/**
 * Convenience overload: wraps the single key/rights pair in a one-entry ACL
 * and delegates to {@code union(MailboxACL)}.
 *
 * @param key entry key the rights belong to
 * @param mailboxACLRights rights associated with {@code key}
 * @return the result of {@code union(MailboxACL)} for the one-entry ACL
 * @throws UnsupportedRightException declared by this method; where it is raised is not visible here
 */
public MailboxACL union(EntryKey key, Rfc4314Rights mailboxACLRights) throws UnsupportedRightException {
    Entry singleEntry = new Entry(key, mailboxACLRights);
    MailboxACL singleEntryAcl = new MailboxACL(singleEntry);
    return union(singleEntryAcl);
}
/**
 * Convenience overload: wraps the single key/rights pair in a one-entry ACL
 * and delegates to {@code except(MailboxACL)}.
 *
 * @param key entry key the rights belong to
 * @param mailboxACLRights rights associated with {@code key}
 * @return the result of {@code except(MailboxACL)} for the one-entry ACL
 * @throws UnsupportedRightException declared by this method; where it is raised is not visible here
 */
public MailboxACL except(EntryKey key, Rfc4314Rights mailboxACLRights) throws UnsupportedRightException {
    Entry singleEntry = new Entry(key, mailboxACLRights);
    MailboxACL singleEntryAcl = new MailboxACL(singleEntry);
    return except(singleEntryAcl);
}
/**
 * Storing an entry and then applying the diff that removes it must leave
 * nothing retrievable for that user and mailbox.
 */
@Test
void deleteShouldDeleteWhenExisting() {
    // Grant: empty ACL -> ACL holding the entry.
    ACLDiff grant = ACLDiff.computeDiff(
        MailboxACL.EMPTY,
        new MailboxACL(new Entry(ENTRY_KEY, RIGHTS)));
    testee.update(MAILBOX_ID, grant)
        .join();

    // Revoke: ACL holding the entry -> empty ACL.
    ACLDiff revoke = ACLDiff.computeDiff(
        new MailboxACL(new Entry(ENTRY_KEY, RIGHTS)),
        MailboxACL.EMPTY);
    testee.update(MAILBOX_ID, revoke)
        .join();

    // A revoked right must not linger in the stored per-user rights.
    assertThat(testee.retrieve(USER_NAME, MAILBOX_ID).join())
        .isEmpty();
}
// closes an enclosing class, whose header is outside this listing
}
/**
 * Applying a second diff that changes the rights of an existing entry must
 * replace the stored rights with the new ones.
 */
@Test
void saveOnSecondShouldOverwrite() {
    // First write: empty ACL -> entry with RIGHTS.
    ACLDiff initialGrant = ACLDiff.computeDiff(
        MailboxACL.EMPTY,
        new MailboxACL(new Entry(ENTRY_KEY, RIGHTS)));
    testee.update(MAILBOX_ID, initialGrant)
        .join();

    // Second write: same key, RIGHTS -> OTHER_RIGHTS.
    ACLDiff rightsChange = ACLDiff.computeDiff(
        new MailboxACL(new Entry(ENTRY_KEY, RIGHTS)),
        new MailboxACL(new Entry(ENTRY_KEY, OTHER_RIGHTS)));
    testee.update(MAILBOX_ID, rightsChange)
        .join();

    assertThat(testee.retrieve(USER_NAME, MAILBOX_ID).join())
        .contains(OTHER_RIGHTS);
}
/**
 * {@code Rights.toMailboxAcl()} must translate each delegated right into the
 * corresponding {@code MailboxACL.Right}; in this fixture {@code Right.Expunge}
 * is expected as {@code MailboxACL.Right.PerformExpunge}.
 */
@Test
public void toMailboxAclShouldReturnAclConversion() throws Exception {
    String firstUser = "user1";
    String secondUser = "user2";

    Rights delegated = Rights.builder()
        .delegateTo(new Rights.Username(firstUser), Right.Administer, Right.DeleteMessages)
        .delegateTo(new Rights.Username(secondUser), Right.Expunge, Right.Lookup)
        .build();

    MailboxACL expectedAcl = new MailboxACL(
        new Entry(firstUser, MailboxACL.Right.Administer, MailboxACL.Right.DeleteMessages),
        new Entry(secondUser, MailboxACL.Right.PerformExpunge, MailboxACL.Right.Lookup));

    assertThat(delegated.toMailboxAcl())
        .isEqualTo(expectedAcl);
}
/**
 * Renaming the child mailbox, whose ACL carries Lookup for the shared user,
 * must add the Lookup entry to the mailbox read back as {@code parentMailboxId1}.
 */
@Test
public void eventShouldUpdateNewParentWhenRenameMailboxWhichContainLookupRight() throws Exception {
    MailboxACL writeAndLookup = new MailboxACL(
        new Entry(SHARED_USER_KEY, new Rfc4314Rights(Right.Write, Right.Lookup)));
    Mailbox mailboxToMove = mailboxMapper.getMailboxMapper(mailboxSession).findMailboxById(childMailboxId);
    mailboxMapper.getMailboxMapper(mailboxSession).setACL(mailboxToMove, writeAndLookup);

    MailboxPath destination = MailboxPath.forUser(OWNER_USER, "shared1.sub1New");
    storeMailboxManager.renameMailbox(CHILD_MAILBOX, destination, mailboxSession);

    MailboxACL newParentAcl = storeMailboxManager.getMailbox(parentMailboxId1, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    assertThat(newParentAcl.getEntries())
        .contains(lookupEntry);
}
/**
 * Issues one delete per removed ACL entry, keyed by the entry key's name and
 * the mailbox UUID, and returns a future over all of them.
 *
 * <p>The values are passed through {@code bind()} setters rather than
 * concatenated into the statement text.
 *
 * <p>NOTE(review): only {@code getKey().getName()} is bound as USER_NAME; the
 * key's type and negative flag are not consulted here. This presumably relies
 * on the caller passing user entries only — confirm.
 *
 * @param cassandraId mailbox whose rows are deleted
 * @param removedEntries entries whose rows should be removed
 * @return future completing once every delete issued from the stream has completed
 */
private CompletableFuture<Stream<Void>> removeAll(CassandraId cassandraId, Stream<MailboxACL.Entry> removedEntries) {
    // map() is lazy: no delete is issued until FluentFutureStream consumes the stream.
    Stream<CompletableFuture<Void>> pendingDeletes = removedEntries.map(removed ->
        cassandraAsyncExecutor.executeVoid(
            delete.bind()
                .setString(USER_NAME, removed.getKey().getName())
                .setUUID(MAILBOX_ID, cassandraId.asUuid())));

    return FluentFutureStream.of(pendingDeletes)
        .completableFuture();
}
/**
 * Streams the entries of the new ACL that {@code hasKeyWithDifferentValue}
 * accepts when compared with the old ACL's entries.
 *
 * <p>Each result carries the key and rights as they stand in the new ACL.
 * Judging by the helper's name, it selects keys that are also in the old ACL
 * with different rights — confirm in the helper.
 *
 * @return lazily evaluated stream of changed entries, built from {@code newACL}
 */
public Stream<MailboxACL.Entry> changedEntries() {
    Map<MailboxACL.EntryKey, MailboxACL.Rfc4314Rights> previousRights = oldACL.getEntries();
    Stream<Map.Entry<MailboxACL.EntryKey, MailboxACL.Rfc4314Rights>> currentRights = newACL.getEntries()
        .entrySet()
        .stream();

    return currentRights
        .filter(candidate -> hasKeyWithDifferentValue(previousRights, candidate))
        .map(changed -> new MailboxACL.Entry(changed.getKey(), changed.getValue()));
}