You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-dev@james.apache.org by ad...@apache.org on 2017/11/16 13:20:30 UTC
[3/8] james-project git commit: JAMES-2219 User should not be able to
delete a mailbox he doesn't own
JAMES-2219 User should not be able to delete a mailbox he doesn't own
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/472447d4
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/472447d4
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/472447d4
Branch: refs/heads/master
Commit: 472447d423b3e00348517987f4b790b8640008fa
Parents: 4897901
Author: Antoine Duprat <ad...@linagora.com>
Authored: Wed Nov 15 23:12:38 2017 +0100
Committer: Antoine Duprat <ad...@linagora.com>
Committed: Thu Nov 16 14:19:16 2017 +0100
----------------------------------------------------------------------
.../mailbox/store/StoreMailboxManager.java | 1 +
.../cucumber/SetMailboxesMethodStepdefs.java | 24 ++++++++++++++++++++
.../resources/cucumber/GetMailboxes.feature | 9 ++++++++
3 files changed, 34 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/james-project/blob/472447d4/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java
----------------------------------------------------------------------
diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java
index 6a72340..88c1aea 100644
--- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java
+++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java
@@ -523,6 +523,7 @@ public class StoreMailboxManager implements MailboxManager {
@Override
public void deleteMailbox(final MailboxPath mailboxPath, final MailboxSession session) throws MailboxException {
LOGGER.info("deleteMailbox " + mailboxPath);
+ assertIsOwner(session.getUser(), mailboxPath);
final MailboxMapper mapper = mailboxSessionMapperFactory.getMailboxMapper(session);
Mailbox mailbox = mapper.execute((Mapper.Transaction<Mailbox>) () -> {
http://git-wip-us.apache.org/repos/asf/james-project/blob/472447d4/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java
----------------------------------------------------------------------
diff --git a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java
index 59c1fbd..9d35294 100644
--- a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java
+++ b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java
@@ -166,6 +166,23 @@ public class SetMailboxesMethodStepdefs {
renamingMailbox(userStepdefs.getConnectedUser(), actualMailboxName, newMailboxName);
}
+ @When("^\"([^\"]*)\" deletes the mailbox \"([^\"]*)\" owned by \"([^\"]*)\"$")
+ public void deletesMailbox(String user, String mailboxName, String owner) throws Throwable {
+ Mailbox mailbox = mainStepdefs.mailboxProbe.getMailbox("#private", owner, mailboxName);
+ String mailboxId = mailbox.getMailboxId().serialize();
+ userStepdefs.connectUser(user);
+ String requestBody =
+ "[" +
+ " [ \"setMailboxes\"," +
+ " {" +
+ " \"destroy\": [ \"" + mailboxId + "\" ]" +
+ " }," +
+ " \"#0\"" +
+ " ]" +
+ "]";
+ httpClient.post(requestBody);
+ }
+
@When("^moving mailbox \"([^\"]*)\" to \"([^\"]*)\"$")
public void movingMailbox(String actualMailboxPath, String newParentMailboxPath) throws Throwable {
String username = userStepdefs.getConnectedUser();
@@ -229,4 +246,11 @@ public class SetMailboxesMethodStepdefs {
assertThat(httpClient.jsonPath.<Map<String, String>>read("[0][1].notUpdated"))
.containsOnlyKeys(mailbox.getMailboxId().serialize());
}
+
+ @Then("^mailbox \"([^\"]*)\" owned by \"([^\"]*)\" is not destroyed$")
+ public void assertNotDestroyed(String mailboxName, String owner) throws Exception {
+ Mailbox mailbox = mainStepdefs.mailboxProbe.getMailbox(MailboxConstants.USER_NAMESPACE, owner, mailboxName);
+ assertThat(httpClient.jsonPath.<Map<String, String>>read("[0][1].notDestroyed"))
+ .containsOnlyKeys(mailbox.getMailboxId().serialize());
+ }
}
http://git-wip-us.apache.org/repos/asf/james-project/blob/472447d4/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature
----------------------------------------------------------------------
diff --git a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature
index 34278c3..9ec81e9 100644
--- a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature
+++ b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature
@@ -277,3 +277,12 @@ Feature: GetMailboxes method
Scenario: A sharee should receive a not updated response when trying to rename a shared mailbox
Given "bob@domain.tld" renames the mailbox, owned by "alice@domain.tld", "shared" to "mySharedMailbox"
Then mailbox "shared" owned by "alice@domain.tld" is not updated
+
+ Scenario: A sharee should receive a not destroyed response when trying to destroy a shared mailbox
+ Given "bob@domain.tld" deletes the mailbox "shared" owned by "alice@domain.tld"
+ Then mailbox "shared" owned by "alice@domain.tld" is not destroyed
+
+ Scenario: A sharee should not be able to delete a shared mailbox
+ Given "bob@domain.tld" deletes the mailbox "shared" owned by "alice@domain.tld"
+ When "alice@domain.tld" lists mailboxes
+ Then the mailboxes should contain "shared" in "Personal" namespace
---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org