Posted to server-dev@james.apache.org by bt...@apache.org on 2020/06/03 01:28:55 UTC

[james-project] 03/04: JAMES-3171 Get mailboxes on jmap-draft should return shared mailboxes without the role

This is an automated email from the ASF dual-hosted git repository.

btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git

commit e409b11c2ac64aaf006495f2ab7cac97f97dcb9a
Author: Rene Cordier <rc...@linagora.com>
AuthorDate: Tue May 26 17:42:12 2020 +0700

    JAMES-3171 Get mailboxes on jmap-draft should return shared mailboxes without the role
---
 .../integration/GetMailboxesMethodTest.java        | 20 ++++++++++++++++
 .../james/jmap/draft/model/MailboxFactory.java     |  3 ++-
 .../jmap/draft/methods/GetMailboxesMethodTest.java | 28 ++++++++++++++++++++++
 3 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java
index a3d4320..1ad34be 100644
--- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java
+++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java
@@ -682,6 +682,26 @@ public abstract class GetMailboxesMethodTest {
     }
 
     @Test
+    public void getMailboxesShouldNotExposeRoleOfSharedMailboxToSharee() throws Exception {
+        MailboxPath bobMailboxPath = MailboxPath.forUser(BOB, DefaultMailboxes.INBOX);
+        MailboxId mailboxId = mailboxProbe.createMailbox(bobMailboxPath);
+
+        mailboxProbe.createMailbox(MailboxConstants.USER_NAMESPACE, ALICE.asString(), DefaultMailboxes.INBOX);
+
+        aclProbe.replaceRights(bobMailboxPath, ALICE.asString(), new Rfc4314Rights(Right.Lookup));
+
+        given()
+            .header("Authorization", accessToken.asString())
+            .body("[[\"getMailboxes\", {\"ids\": [\"" + mailboxId.serialize() + "\"]}, \"#0\"]]")
+        .when()
+            .post("/jmap")
+        .then()
+            .statusCode(200)
+            .body(FIRST_MAILBOX + ".role", nullValue())
+            .body(FIRST_MAILBOX + ".sortOrder", equalTo(1000));
+    }
+
+    @Test
     public void getMailboxesShouldReturnDelegatedNamespaceWhenSharedMailbox() throws Exception {
         String sharedMailboxName = "BobShared";
         MailboxId mailboxId = mailboxProbe.createMailbox(MailboxConstants.USER_NAMESPACE, BOB.asString(), sharedMailboxName);
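Review bot: The new test `getMailboxesShouldNotExposeRoleOfSharedMailboxToSharee` never pins which mailbox `FIRST_MAILBOX` is, so the `role` check alone would also pass on an empty list, and only the `sortOrder` assertion catches that case. Adding `.body(FIRST_MAILBOX + ".id", equalTo(mailboxId.serialize()))` before the role assertion would make a visibility failure read as such rather than as a sort-order mismatch. The owner of `accessToken` is not visible in the hunk (presumably ALICE), so a one-line comment such as `// ALICE (sharee) queries BOB's INBOX, on which she only has Lookup` would make the access-control scenario explicit.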
diff --git a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java
index 11c059a..d4597b7 100644
--- a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java
+++ b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java
@@ -168,7 +168,8 @@ public class MailboxFactory {
                          QuotaLoader quotaLoader,
                          MailboxSession mailboxSession) throws MailboxException {
         boolean isOwner = mailboxPath.belongsTo(mailboxSession);
-        Optional<Role> role = Role.from(mailboxPath.getName());
+        Optional<Role> role = Role.from(mailboxPath.getName())
+            .filter(any -> mailboxPath.belongsTo(mailboxSession));
 
         Rights rights = Rights.fromACL(resolvedAcl)
             .removeEntriesFor(mailboxPath.getUser());
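Review bot: The added `.filter(any -> mailboxPath.belongsTo(mailboxSession))` repeats the ownership check that the line directly above already stores in `isOwner`. Reusing it, `.filter(any -> isOwner)`, keeps a single definition of ownership for the role and for whatever else in this method reads `isOwner` (assuming it is not reassigned later, which the hunk does not show). Because the role is derived from the mailbox name alone, a short comment would help the next reader: `// Roles are owner-scoped: a sharee must not see another user's INBOX presented with the inbox role.` The method starts before and continues after this hunk.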
diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java
index f51721b..f47ede8 100644
--- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java
+++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java
@@ -45,6 +45,7 @@ import org.apache.james.mailbox.Role;
 import org.apache.james.mailbox.exception.MailboxException;
 import org.apache.james.mailbox.inmemory.InMemoryId;
 import org.apache.james.mailbox.inmemory.manager.InMemoryIntegrationResources;
+import org.apache.james.mailbox.model.MailboxACL;
 import org.apache.james.mailbox.model.MailboxPath;
 import org.apache.james.mailbox.quota.QuotaManager;
 import org.apache.james.mailbox.quota.QuotaRootResolver;
@@ -412,4 +413,31 @@ public class GetMailboxesMethodTest {
                         Tuple.tuple("Restored-Messages", Optional.of(Role.RESTORED_MESSAGES)),
                         Tuple.tuple("WITHOUT ROLE", Optional.empty()));
     }
+
+    @Test
+    public void getMailboxesShouldNotExposeRoleOfSharedMailboxToSharee() throws Exception {
+        MailboxSession userSession = mailboxManager.createSystemSession(USERNAME);
+        MailboxSession user2Session = mailboxManager.createSystemSession(USERNAME2);
+
+        MailboxPath mailboxPath = MailboxPath.forUser(USERNAME, "INBOX");
+        mailboxManager.createMailbox(MailboxPath.forUser(USERNAME, "INBOX"), userSession);
+
+        MailboxACL.Rfc4314Rights rights = new MailboxACL.Rfc4314Rights(MailboxACL.Right.Lookup);
+        MailboxACL.ACLCommand command = MailboxACL.command().forUser(Username.of(USERNAME2.asString())).rights(rights).asReplacement();
+        mailboxManager.applyRightsCommand(mailboxPath, command, userSession);
+
+        GetMailboxesRequest getMailboxesRequest = GetMailboxesRequest.builder()
+            .build();
+
+        List<JmapResponse> getMailboxesResponse = getMailboxesMethod.processToStream(getMailboxesRequest, methodCallId, user2Session).collect(Collectors.toList());
+
+        assertThat(getMailboxesResponse)
+            .hasSize(1)
+            .extracting(JmapResponse::getResponse)
+            .hasOnlyElementsOfType(GetMailboxesResponse.class)
+            .extracting(GetMailboxesResponse.class::cast)
+            .flatExtracting(GetMailboxesResponse::getList)
+            .extracting(Mailbox::getName, Mailbox::getRole)
+            .containsOnly(Tuple.tuple("INBOX", Optional.empty()));
+    }
 }
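Review bot: In the added unit test, `mailboxPath` is built and then `createMailbox` is handed a second `MailboxPath.forUser(USERNAME, "INBOX")`; passing the variable, `mailboxManager.createMailbox(mailboxPath, userSession);`, guarantees that the mailbox created and the mailbox the ACL is applied to are the same one. `Username.of(USERNAME2.asString())` also looks like a round trip, since `USERNAME2` is already accepted by `createSystemSession`; if it is a `Username`, `.forUser(USERNAME2)` is enough. The test only checks the sharee's view, so it would be worth also calling `processToStream` with `userSession` and expecting `Optional.of(Role.INBOX)`, to show in one place that the filter hides the role from the sharee without removing it for the owner.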

