JAMES-2219 User should not be able to delete a mailbox he doesn't own
Project: http://git-wip-us.apache.org/repos/asf/james-project/repo Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/472447d4 Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/472447d4 Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/472447d4 Branch: refs/heads/master Commit: 472447d423b3e00348517987f4b790b8640008fa Parents: 4897901 Author: Antoine Duprat <[email protected]> Authored: Wed Nov 15 23:12:38 2017 +0100 Committer: Antoine Duprat <[email protected]> Committed: Thu Nov 16 14:19:16 2017 +0100 ---------------------------------------------------------------------- .../mailbox/store/StoreMailboxManager.java | 1 + .../cucumber/SetMailboxesMethodStepdefs.java | 24 ++++++++++++++++++++ .../resources/cucumber/GetMailboxes.feature | 9 ++++++++ 3 files changed, 34 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/james-project/blob/472447d4/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java ---------------------------------------------------------------------- diff --git a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java index 6a72340..88c1aea 100644 --- a/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java +++ b/mailbox/store/src/main/java/org/apache/james/mailbox/store/StoreMailboxManager.java @@ -523,6 +523,7 @@ public class StoreMailboxManager implements MailboxManager { @Override public void deleteMailbox(final MailboxPath mailboxPath, final MailboxSession session) throws MailboxException { LOGGER.info("deleteMailbox " + mailboxPath); + assertIsOwner(session.getUser(), mailboxPath); final MailboxMapper mapper = mailboxSessionMapperFactory.getMailboxMapper(session); Mailbox mailbox = mapper.execute((Mapper.Transaction<Mailbox>) () -> { http://git-wip-us.apache.org/repos/asf/james-project/blob/472447d4/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java ---------------------------------------------------------------------- diff --git a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java index 59c1fbd..9d35294 100644 --- a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java +++ b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/java/org/apache/james/jmap/methods/integration/cucumber/SetMailboxesMethodStepdefs.java @@ -166,6 +166,23 @@ public class SetMailboxesMethodStepdefs { renamingMailbox(userStepdefs.getConnectedUser(), actualMailboxName, newMailboxName); } + @When("^\"([^\"]*)\" deletes the mailbox \"([^\"]*)\" owned by \"([^\"]*)\"$") + public void deletesMailbox(String user, String mailboxName, String owner) throws Throwable { + Mailbox mailbox = mainStepdefs.mailboxProbe.getMailbox("#private", owner, mailboxName); + String mailboxId = mailbox.getMailboxId().serialize(); + userStepdefs.connectUser(user); + String requestBody = + "[" + + " [ \"setMailboxes\"," + + " {" + + " \"destroy\": [ \"" + mailboxId + "\" ]" + + " }," + + " \"#0\"" + + " ]" + + "]"; + httpClient.post(requestBody); + } + @When("^moving mailbox \"([^\"]*)\" to \"([^\"]*)\"$") public void movingMailbox(String actualMailboxPath, String newParentMailboxPath) throws Throwable { String username = userStepdefs.getConnectedUser(); @@ -229,4 +246,11 @@ public class SetMailboxesMethodStepdefs { assertThat(httpClient.jsonPath.<Map<String, String>>read("[0][1].notUpdated")) .containsOnlyKeys(mailbox.getMailboxId().serialize()); } + + @Then("^mailbox \"([^\"]*)\" owned by \"([^\"]*)\" is not destroyed$") + public void assertNotDestroyed(String mailboxName, String owner) throws Exception { + Mailbox mailbox = mainStepdefs.mailboxProbe.getMailbox(MailboxConstants.USER_NAMESPACE, owner, mailboxName); + assertThat(httpClient.jsonPath.<Map<String, String>>read("[0][1].notDestroyed")) + .containsOnlyKeys(mailbox.getMailboxId().serialize()); + } } http://git-wip-us.apache.org/repos/asf/james-project/blob/472447d4/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature ---------------------------------------------------------------------- diff --git a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature index 34278c3..9ec81e9 100644 --- a/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature +++ b/server/protocols/jmap-integration-testing/jmap-integration-testing-common/src/test/resources/cucumber/GetMailboxes.feature @@ -277,3 +277,12 @@ Feature: GetMailboxes method Scenario: A sharee should receive a not updated response when trying to rename a shared mailbox Given "[email protected]" renames the mailbox, owned by "[email protected]", "shared" to "mySharedMailbox" Then mailbox "shared" owned by "[email protected]" is not updated + + Scenario: A sharee should receive a not destroyed response when trying to destroy a shared mailbox + Given "[email protected]" deletes the mailbox "shared" owned by "[email protected]" + Then mailbox "shared" owned by "[email protected]" is not destroyed + + Scenario: A sharee should not be able to delete a shared mailbox + Given "[email protected]" deletes the mailbox "shared" owned by "[email protected]" + When "[email protected]" lists mailboxes + Then the mailboxes should contain "shared" in "Personal" namespace --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
