
FEATBL-298 Fix: mbox acl validator, no public sharing for mailshare

David Phan authored on 07/02/2018 12:51:56
Showing 3 changed files
... ...
@@ -435,55 +435,22 @@ public class MailboxValidatorTests extends AbstractMailboxServiceTests {
435 435
 		accessControlEntries.add(AccessControlEntry.create(UUID.randomUUID().toString(), Verb.Write));
436 436
 		accessControlEntries.add(AccessControlEntry.create(UUID.randomUUID().toString(), Verb.Read));
437 437
 		try {
438
-			validator.validateAccessControlEntity("toto", accessControlEntries);
438
+			validator.validateAccessControlEntity(accessControlEntries);
439 439
 		} catch (ServerFault sf) {
440 440
 			fail();
441 441
 		}
442 442
 	}
443 443
 
444 444
 	@Test
445
-	public void validate_UserMailboxPublicSharing_Forbidden() throws SQLException {
446
-
447
-		Mailbox mbox = new Mailbox();
448
-		mbox.type = Type.user;
449
-		mbox.routing = Mailbox.Routing.external;
450
-		mbox.dataLocation = imapServer.address();
451
-		mbox.name = "usermbox";
452
-
453
-		itemStore.create(Item.create("usermbox@bm.lan", null));
454
-		Item item = itemStore.get("usermbox@bm.lan");
455
-		mailboxStore.create(item, mbox);
456
-
445
+	public void validate_MailboxPublicSharing_Forbidden() {
457 446
 		ArrayList<AccessControlEntry> accessControlEntries = new ArrayList<AccessControlEntry>();
458 447
 		accessControlEntries.add(AccessControlEntry.create(domainUid, Verb.Write));
459 448
 		accessControlEntries.add(AccessControlEntry.create(UUID.randomUUID().toString(), Verb.Read));
460 449
 		try {
461
-			validator.validateAccessControlEntity(item.uid, accessControlEntries);
450
+			validator.validateAccessControlEntity(accessControlEntries);
462 451
 			fail();
463 452
 		} catch (ServerFault sf) {
464 453
 		}
465 454
 	}
466 455
 
467
-	@Test
468
-	public void validate_MailshareMailboxPublicSharing_Ok() throws SQLException {
469
-
470
-		Mailbox mbox = new Mailbox();
471
-		mbox.type = Type.mailshare;
472
-		mbox.routing = Mailbox.Routing.external;
473
-		mbox.dataLocation = imapServer.address();
474
-		mbox.name = "msharembox";
475
-
476
-		itemStore.create(Item.create("msharembox@bm.lan", null));
477
-		Item item = itemStore.get("msharembox@bm.lan");
478
-		mailboxStore.create(item, mbox);
479
-
480
-		ArrayList<AccessControlEntry> accessControlEntries = new ArrayList<AccessControlEntry>();
481
-		accessControlEntries.add(AccessControlEntry.create(domainUid, Verb.Write));
482
-		accessControlEntries.add(AccessControlEntry.create(UUID.randomUUID().toString(), Verb.Read));
483
-		try {
484
-			validator.validateAccessControlEntity(item.uid, accessControlEntries);
485
-		} catch (ServerFault sf) {
486
-			fail();
487
-		}
488
-	}
489 456
 }
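Review bot: In `validate_MailboxPublicSharing_Forbidden` the empty `catch (ServerFault sf) { }` accepts any ServerFault, so the test would still pass if the validator failed for a reason unrelated to the domain-wide entry. Pin the reason in the catch block, for example `assertEquals(ErrorCode.FORBIDDEN, sf.getCode());` (assuming ServerFault exposes its code through `getCode()`). In the positive test above it, the bare `fail()` discards the fault; `fail(sf.getMessage())` would show why a valid ACL was rejected. The test class starts outside this hunk.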
... ...
@@ -37,7 +37,6 @@ import net.bluemind.core.container.persistance.ItemStore;
37 37
 import net.bluemind.core.rest.BmContext;
38 38
 import net.bluemind.domain.api.DomainSettingsKeys;
39 39
 import net.bluemind.domain.api.IDomainSettings;
40
-import net.bluemind.mailbox.api.IMailboxes;
41 40
 import net.bluemind.mailbox.api.Mailbox;
42 41
 import net.bluemind.mailbox.api.Mailbox.Routing;
43 42
 import net.bluemind.mailbox.api.Mailbox.Type;
... ...
@@ -133,14 +132,10 @@ public class MailboxValidator {
133 133
 
134 134
 	}
135 135
 
136
-	public void validateAccessControlEntity(String mailboxUid, List<AccessControlEntry> accessControlEntries) {
136
+	public void validateAccessControlEntity(List<AccessControlEntry> accessControlEntries) {
137 137
 		if (accessControlEntries.stream().anyMatch(ace -> domainUid.equals(ace.subject))) {
138
-			// no public sharing for user mailbox
139
-			IMailboxes service = context.provider().instance(IMailboxes.class, domainUid);
140
-			ItemValue<Mailbox> mbox = service.getComplete(mailboxUid);
141
-			if (mbox.value.type == Mailbox.Type.user) {
142
-				throw new ServerFault("Public sharing for user mailbox is forbidden", ErrorCode.FORBIDDEN);
143
-			}
138
+			// no public sharing mailbox
139
+			throw new ServerFault("Public sharing for user mailbox is forbidden", ErrorCode.FORBIDDEN);
144 140
 		}
145 141
 	}
146 142
 
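Review bot: The fault thrown in `validateAccessControlEntity` still says "Public sharing for user mailbox is forbidden", although the check no longer looks at the mailbox type and now rejects mailshares as well. A type-neutral message would match the behaviour: `throw new ServerFault("Public sharing for mailbox is forbidden", ErrorCode.FORBIDDEN);`, with the comment rewritten as `// an ACE whose subject is the domain uid shares with the whole domain: forbidden for every mailbox type`. The visible code only rejects new ACLs passed to this method, so mailshares that already hold a domain-wide entry presumably keep it until their ACL is next written; it is worth confirming whether an upgrade step should remove those entries.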
... ...
@@ -401,7 +401,7 @@ public class MailboxesService implements IMailboxes, IInCoreMailboxes {
401 401
 			throws ServerFault {
402 402
 		rbacManager.forContainer(MailboxAclContainerType.uidForMailbox(mailboxUid)).check(Verb.Manage.name());
403 403
 
404
-		validator.validateAccessControlEntity(mailboxUid, accessControlEntries);
404
+		validator.validateAccessControlEntity(accessControlEntries);
405 405
 
406 406
 		IContainerManagement cmgmt = context.provider().instance(IContainerManagement.class,
407 407
 				MailboxAclContainerType.uidForMailbox(mailboxUid));