/**
 * Builds the {@link MailboxACL} equivalent of these rights.
 *
 * Each entry of {@code rights} becomes a one-entry ACL keyed by a user entry key, and the
 * one-entry ACLs are merged with {@link MailboxACL#union}, starting from {@link MailboxACL#EMPTY}.
 * The single-argument {@code createUserEntryKey} is used, so no negative flag is passed here.
 *
 * @return the union of the per-user ACLs, or {@code MailboxACL.EMPTY} when there are no entries
 */
public MailboxACL toMailboxAcl() {
    // Throwing.binaryOperator adapts MailboxACL::union so it can be used as the reducer;
    // presumably union declares a checked exception - confirm against MailboxACL.
    BinaryOperator<MailboxACL> mergeAcls = Throwing.binaryOperator(MailboxACL::union);

    return rights.asMap()
        .entrySet()
        .stream()
        .map(userRights -> {
            EntryKey userKey = EntryKey.createUserEntryKey(userRights.getKey().value);
            return new MailboxACL(ImmutableMap.of(userKey, toMailboxAclRights(userRights.getValue())));
        })
        .reduce(MailboxACL.EMPTY, mergeAcls);
}
/**
 * Tells whether {@code userName} holds {@code right} on {@code mailbox} through a user entry.
 *
 * Only the entries returned by {@code ofPositiveNameType(NameType.user)} are consulted, so this
 * is a lookup of the user's own entry rather than a full ACL resolution.
 * NOTE(review): rights granted through group entries and rights withdrawn by negative entries
 * do not appear to influence the result - confirm callers do not treat this as the only
 * authorization decision.
 *
 * @param mailbox  mailbox whose ACL is inspected
 * @param userName user whose entry is looked up
 * @param right    right that must be present in that entry
 * @return {@code true} when the user has an entry containing {@code right}, {@code false}
 *         when the entry is missing or lacks the right
 */
private Boolean hasRightOn(Mailbox mailbox, String userName, Right right) {
    return Optional.ofNullable(
            mailbox.getACL()
                .ofPositiveNameType(NameType.user)
                .get(MailboxACL.EntryKey.createUserEntryKey(userName)))
        // A missing entry yields an empty Optional, which counts as "right not held".
        .filter(userRights -> userRights.contains(right))
        .isPresent();
}
}
/**
 * An ACL is sensitive information, so as little of it as possible should be exposed to users.
 * This method filters a {@link MailboxACL} before it is presented to the connected user.
 *
 * The full ACL is returned when the session owns the mailbox, or when the session user's own
 * entry contains {@link MailboxACL.Right#Administer}. In every other case the result holds
 * only the session user's entry (with empty rights when the user has no entry at all).
 *
 * NOTE(review): the Administer check reads only the session user's own entry from
 * {@code acl.getEntries()}; group entries and negative entries are not looked at here -
 * confirm this is the intended disclosure policy.
 *
 * @param mailbox        mailbox the ACL belongs to, used for the ownership check
 * @param acl            complete ACL of the mailbox
 * @param mailboxSession session of the connected user
 * @return the ACL the connected user is allowed to see
 * @throws UnsupportedRightException declared by the signature; propagated from the ACL calls
 */
@VisibleForTesting
static MailboxACL filteredForSession(Mailbox mailbox, MailboxACL acl, MailboxSession mailboxSession) throws UnsupportedRightException {
    boolean sessionOwnsMailbox = mailbox.generateAssociatedPath().belongsTo(mailboxSession);
    if (sessionOwnsMailbox) {
        return acl;
    }

    MailboxACL.EntryKey sessionUserKey = MailboxACL.EntryKey.createUserEntryKey(mailboxSession.getUser().getUserName());
    Rfc4314Rights ownRights = acl.getEntries().getOrDefault(sessionUserKey, new Rfc4314Rights());

    boolean canAdminister = ownRights.contains(MailboxACL.Right.Administer);
    // Non-owners without Administer only ever see their own entry, never other users' rights.
    return canAdminister
        ? acl
        : new MailboxACL(ImmutableMap.of(sessionUserKey, ownRights));
}
}
/**
 * A setMailboxes update whose "sharedWith" names the mailbox owner must not store an ACL
 * entry for that owner.
 *
 * NOTE(review): the response is not inspected and the entry for "user2" is not asserted, so
 * this test would also pass if the whole update were rejected - consider asserting that the
 * other user's entry was stored.
 */
@Test
public void updateShouldFilterOwnerACL() throws Exception {
    String ownerMailboxName = "myBox";
    String otherUser = "user2";
    MailboxId ownerMailboxId = mailboxProbe.createMailbox(MailboxConstants.USER_NAMESPACE, username, ownerMailboxName);

    // Shares the mailbox with both its owner and another user in a single update.
    String shareWithOwnerAndOtherUser =
        "["
        + " [ \"setMailboxes\","
        + " {"
        + " \"update\": {"
        + " \"" + ownerMailboxId.serialize() + "\" : {"
        + " \"sharedWith\" : {\"" + username + "\": [\"a\", \"w\"],"
        + " \"" + otherUser + "\": [\"a\", \"w\"]}"
        + " }"
        + " }"
        + " },"
        + " \"#0\""
        + " ]"
        + "]";

    with()
        .header("Authorization", accessToken.serialize())
        .body(shareWithOwnerAndOtherUser)
        .post("/jmap");

    MailboxACL storedAcl = jmapServer.getProbe(ACLProbeImpl.class)
        .retrieveRights(MailboxPath.forUser(username, ownerMailboxName));

    assertThat(storedAcl.getEntries())
        .doesNotContainKeys(MailboxACL.EntryKey.createUserEntryKey(username));
}
/**
 * Prepares the entry keys, the global-ACL resolvers, the group memberships and the
 * single-entry mailbox ACLs shared by the tests of this class.
 */
@Before
public void setUp() throws Exception {
    // Entry keys for the two users and the two groups.
    user1Key = EntryKey.createUserEntryKey(USER_1);
    user2Key = EntryKey.createUserEntryKey(USER_2);
    group1Key = EntryKey.createGroupEntryKey(GROUP_1);
    group2Key = EntryKey.createGroupEntryKey(GROUP_2);

    // Resolvers: each one receives the same global ACL for both constructor arguments.
    // NOTE(review): authenticatedReadListWriteGlobal is backed by FULL_RIGHTS, which is
    // broader than its name suggests - confirm this is intended.
    MailboxACL authenticatedFullAcl = new MailboxACL(new Entry(MailboxACL.AUTHENTICATED_KEY, MailboxACL.FULL_RIGHTS));
    authenticatedReadListWriteGlobal = new UnionMailboxACLResolver(authenticatedFullAcl, authenticatedFullAcl);

    MailboxACL anybodyReadListAcl = new MailboxACL(new Entry(MailboxACL.ANYBODY_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("rl")));
    anyoneReadListGlobal = new UnionMailboxACLResolver(anybodyReadListAcl, anybodyReadListAcl);

    MailboxACL ownerFullAcl = new MailboxACL(new Entry(MailboxACL.OWNER_KEY, MailboxACL.FULL_RIGHTS));
    ownerFullGlobal = new UnionMailboxACLResolver(ownerFullAcl, ownerFullAcl);

    noGlobals = new UnionMailboxACLResolver(MailboxACL.EMPTY, MailboxACL.EMPTY);

    // Negative (third constructor argument true) full-rights entry for GROUP_2; the second
    // resolver argument is a separately built but identical ACL, as in the original fixture.
    MailboxACL negativeGroup2FullAcl = new MailboxACL(new Entry(new EntryKey(GROUP_2, NameType.group, true), MailboxACL.FULL_RIGHTS));
    negativeGroup2FullGlobal = new UnionMailboxACLResolver(
        negativeGroup2FullAcl,
        new MailboxACL(new Entry(new EntryKey(GROUP_2, NameType.group, true), MailboxACL.FULL_RIGHTS)));

    // USER_1 belongs to GROUP_1, USER_2 to GROUP_2.
    groupMembershipResolver = new SimpleGroupMembershipResolver();
    groupMembershipResolver.addMembership(GROUP_1, USER_1);
    groupMembershipResolver.addMembership(GROUP_2, USER_2);

    // Single-entry ACLs carrying the "r" right, in a positive and a negative variant each.
    user1Read = new MailboxACL(
        new Entry(user1Key, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    user1ReadNegative = new MailboxACL(
        new Entry(EntryKey.createUserEntryKey(USER_1, true), Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    group1Read = new MailboxACL(
        new Entry(group1Key, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    group1ReadNegative = new MailboxACL(
        new Entry(EntryKey.createGroupEntryKey(GROUP_1, true), Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    anybodyRead = new MailboxACL(
        new Entry(MailboxACL.ANYBODY_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    anybodyReadNegative = new MailboxACL(
        new Entry(MailboxACL.ANYBODY_NEGATIVE_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    authenticatedRead = new MailboxACL(
        new Entry(MailboxACL.AUTHENTICATED_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    authenticatedReadNegative = new MailboxACL(
        new Entry(MailboxACL.AUTHENTICATED_NEGATIVE_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));

    ownerRead = new MailboxACL(
        new Entry(MailboxACL.OWNER_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
    ownerReadNegative = new MailboxACL(
        new Entry(MailboxACL.OWNER_NEGATIVE_KEY, Rfc4314Rights.fromSerializedRfc4314Rights("r")));
}
/**
 * Adding a Lookup right under a negative user key on the grand-child mailbox must not make
 * that negative key appear in the parent mailbox's ACL.
 *
 * The parent ACL is expected to keep exactly one entry; which entry that is depends on
 * fixture code outside this method.
 */
@Test
public void eventShouldDoNothingWhenNegativeACLEntry() throws Exception {
    EntryKey negatedSharedUserKey = EntryKey.createUserEntryKey(SHARED_USER, true);

    storeRightManager.applyRightsCommand(
        GRAND_CHILD_MAILBOX,
        MailboxACL.command().key(negatedSharedUserKey).rights(Right.Lookup).asAddition(),
        mailboxSession);

    MailboxACL parentAcl = storeMailboxManager.getMailbox(parentMailboxId, mailboxSession)
        .getMetaData(RESET_RECENT, mailboxSession, MessageManager.MetaData.FetchGroup.NO_COUNT)
        .getACL();

    assertThat(parentAcl.getEntries())
        .hasSize(1)
        .doesNotContainKeys(negatedSharedUserKey);
}
}
/**
 * Targets the ACL entry of the given user.
 *
 * The key is built with the single-argument {@code createUserEntryKey}, so no negative flag
 * is passed from here.
 *
 * @param user name of the user the entry key is created for
 * @return this builder, for chaining
 */
public Builder forUser(String user) {
    EntryKey userKey = EntryKey.createUserEntryKey(user);
    key = userKey;
    return this;
}
/**
 * Of the serialized rights "aetpk", only Administer, Expunge and DeleteMessages are expected
 * to survive {@code Rights.fromACL}; the remaining letters must be dropped.
 */
@Test
public void fromACLShouldFilterOutUnknownRights() throws Exception {
    // The key uses the literal "user" while the expectation uses USERNAME;
    // presumably USERNAME wraps the same value - verify against the constant.
    EntryKey userKey = EntryKey.createUserEntryKey("user");
    Rfc4314Rights serializedRights = Rfc4314Rights.fromSerializedRfc4314Rights("aetpk");
    MailboxACL aclWithExtraRights = new MailboxACL(ImmutableMap.of(userKey, serializedRights));

    assertThat(Rights.fromACL(aclWithExtraRights))
        .isEqualTo(
            Rights.builder()
                .delegateTo(USERNAME, Right.Administer, Right.Expunge, Right.DeleteMessages)
                .build());
}
/**
 * An ACL holding only a negative user entry must convert to {@code Rights.EMPTY}: negative
 * entries are not turned into delegated rights.
 */
@Test
public void fromACLShouldFilterNegatedUsers() throws Exception {
    EntryKey negatedUserKey = EntryKey.createUserEntryKey("user", NEGATIVE);
    Rfc4314Rights negatedRights = Rfc4314Rights.fromSerializedRfc4314Rights("aet");
    MailboxACL negativeOnlyAcl = new MailboxACL(ImmutableMap.of(negatedUserKey, negatedRights));

    assertThat(Rights.fromACL(negativeOnlyAcl)).isEqualTo(Rights.EMPTY);
}
/**
 * With two user entries and two group entries in the ACL,
 * {@code ofPositiveNameType(NameType.user)} must return the two user entries only.
 */
@Test
public void usersACLShouldReturnOnlyUsersMapWhenSomeUserEntries() throws Exception {
    MailboxACL.Rfc4314Rights partialRights = MailboxACL.Rfc4314Rights.fromSerializedRfc4314Rights("aei");

    EntryKey user1 = EntryKey.createUserEntryKey("user1");
    EntryKey group = EntryKey.createGroupEntryKey("group");
    EntryKey user2 = EntryKey.createUserEntryKey("user2");
    EntryKey group2 = EntryKey.createGroupEntryKey("group2");
    MailboxACL mixedAcl = new MailboxACL(
        ImmutableMap.of(
            user1, MailboxACL.FULL_RIGHTS,
            group, MailboxACL.FULL_RIGHTS,
            user2, partialRights,
            group2, MailboxACL.NO_RIGHTS));

    // Expected keys are built afresh, so the comparison goes through EntryKey equality.
    assertThat(mixedAcl.ofPositiveNameType(NameType.user))
        .containsOnly(
            MapEntry.entry(EntryKey.createUserEntryKey("user1"), MailboxACL.FULL_RIGHTS),
            MapEntry.entry(EntryKey.createUserEntryKey("user2"), partialRights));
}
/**
 * A user entry with the serialized rights "aet" must convert to a delegation of Administer,
 * Expunge and DeleteMessages to that user.
 */
@Test
public void fromACLShouldAcceptUsers() throws Exception {
    // The key uses the literal "user" while the expectation uses USERNAME;
    // presumably USERNAME wraps the same value - verify against the constant.
    EntryKey userKey = EntryKey.createUserEntryKey("user");
    Rfc4314Rights serializedRights = Rfc4314Rights.fromSerializedRfc4314Rights("aet");
    MailboxACL userAcl = new MailboxACL(ImmutableMap.of(userKey, serializedRights));

    assertThat(Rights.fromACL(userAcl))
        .isEqualTo(
            Rights.builder()
                .delegateTo(USERNAME, Right.Administer, Right.Expunge, Right.DeleteMessages)
                .build());
}
/**
 * An ACL whose only entry is a negative user entry must yield an empty result from
 * {@code ofPositiveNameType(NameType.user)}, even when that entry carries FULL_RIGHTS.
 */
@Test
public void ofPositiveNameTypeShouldFilterOutNegativeEntries() throws Exception {
    EntryKey negatedUser1Key = EntryKey.createUserEntryKey("user1", NEGATIVE);
    MailboxACL negativeOnlyAcl = new MailboxACL(ImmutableMap.of(negatedUser1Key, MailboxACL.FULL_RIGHTS));

    assertThat(negativeOnlyAcl.ofPositiveNameType(NameType.user)).isEmpty();
}
}