This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/james-project.git
commit e409b11c2ac64aaf006495f2ab7cac97f97dcb9a Author: Rene Cordier <[email protected]> AuthorDate: Tue May 26 17:42:12 2020 +0700 JAMES-3171 Get mailboxes on jmap-draft should return shared mailboxes without the role --- .../integration/GetMailboxesMethodTest.java | 20 ++++++++++++++++ .../james/jmap/draft/model/MailboxFactory.java | 3 ++- .../jmap/draft/methods/GetMailboxesMethodTest.java | 28 ++++++++++++++++++++++ 3 files changed, 50 insertions(+), 1 deletion(-) diff --git a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java index a3d4320..1ad34be 100644 --- a/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java +++ b/server/protocols/jmap-draft-integration-testing/jmap-draft-integration-testing-common/src/test/java/org/apache/james/jmap/draft/methods/integration/GetMailboxesMethodTest.java @@ -682,6 +682,26 @@ public abstract class GetMailboxesMethodTest { } @Test + public void getMailboxesShouldNotExposeRoleOfSharedMailboxToSharee() throws Exception { + MailboxPath bobMailboxPath = MailboxPath.forUser(BOB, DefaultMailboxes.INBOX); + MailboxId mailboxId = mailboxProbe.createMailbox(bobMailboxPath); + + mailboxProbe.createMailbox(MailboxConstants.USER_NAMESPACE, ALICE.asString(), DefaultMailboxes.INBOX); + + aclProbe.replaceRights(bobMailboxPath, ALICE.asString(), new Rfc4314Rights(Right.Lookup)); + + given() + .header("Authorization", accessToken.asString()) + .body("[[\"getMailboxes\", {\"ids\": [\"" + mailboxId.serialize() + "\"]}, \"#0\"]]") + .when() + .post("/jmap") + .then() + .statusCode(200) + .body(FIRST_MAILBOX + ".role", nullValue()) + .body(FIRST_MAILBOX + ".sortOrder", equalTo(1000)); + } + + @Test public void getMailboxesShouldReturnDelegatedNamespaceWhenSharedMailbox() throws Exception { String sharedMailboxName = "BobShared"; MailboxId mailboxId = mailboxProbe.createMailbox(MailboxConstants.USER_NAMESPACE, BOB.asString(), sharedMailboxName); diff --git a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java index 11c059a..d4597b7 100644 --- a/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java +++ b/server/protocols/jmap-draft/src/main/java/org/apache/james/jmap/draft/model/MailboxFactory.java @@ -168,7 +168,8 @@ public class MailboxFactory { QuotaLoader quotaLoader, MailboxSession mailboxSession) throws MailboxException { boolean isOwner = mailboxPath.belongsTo(mailboxSession); - Optional<Role> role = Role.from(mailboxPath.getName()); + Optional<Role> role = Role.from(mailboxPath.getName()) + .filter(any -> mailboxPath.belongsTo(mailboxSession)); Rights rights = Rights.fromACL(resolvedAcl) .removeEntriesFor(mailboxPath.getUser()); diff --git a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java index f51721b..f47ede8 100644 --- a/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java +++ b/server/protocols/jmap-draft/src/test/java/org/apache/james/jmap/draft/methods/GetMailboxesMethodTest.java @@ -45,6 +45,7 @@ import org.apache.james.mailbox.Role; import org.apache.james.mailbox.exception.MailboxException; import org.apache.james.mailbox.inmemory.InMemoryId; import org.apache.james.mailbox.inmemory.manager.InMemoryIntegrationResources; +import org.apache.james.mailbox.model.MailboxACL; import org.apache.james.mailbox.model.MailboxPath; import org.apache.james.mailbox.quota.QuotaManager; import org.apache.james.mailbox.quota.QuotaRootResolver; @@ -412,4 +413,31 @@ public class GetMailboxesMethodTest { Tuple.tuple("Restored-Messages", Optional.of(Role.RESTORED_MESSAGES)), Tuple.tuple("WITHOUT ROLE", Optional.empty())); } + + @Test + public void getMailboxesShouldNotExposeRoleOfSharedMailboxToSharee() throws Exception { + MailboxSession userSession = mailboxManager.createSystemSession(USERNAME); + MailboxSession user2Session = mailboxManager.createSystemSession(USERNAME2); + + MailboxPath mailboxPath = MailboxPath.forUser(USERNAME, "INBOX"); + mailboxManager.createMailbox(MailboxPath.forUser(USERNAME, "INBOX"), userSession); + + MailboxACL.Rfc4314Rights rights = new MailboxACL.Rfc4314Rights(MailboxACL.Right.Lookup); + MailboxACL.ACLCommand command = MailboxACL.command().forUser(Username.of(USERNAME2.asString())).rights(rights).asReplacement(); + mailboxManager.applyRightsCommand(mailboxPath, command, userSession); + + GetMailboxesRequest getMailboxesRequest = GetMailboxesRequest.builder() + .build(); + + List<JmapResponse> getMailboxesResponse = getMailboxesMethod.processToStream(getMailboxesRequest, methodCallId, user2Session).collect(Collectors.toList()); + + assertThat(getMailboxesResponse) + .hasSize(1) + .extracting(JmapResponse::getResponse) + .hasOnlyElementsOfType(GetMailboxesResponse.class) + .extracting(GetMailboxesResponse.class::cast) + .flatExtracting(GetMailboxesResponse::getList) + .extracting(Mailbox::getName, Mailbox::getRole) + .containsOnly(Tuple.tuple("INBOX", Optional.empty())); + } } --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
