fix(recall): #MZI-216 update recall admin's rights

OPEN-ENT-NG · May 23, 2023 · 5f7e441 · 5f7e441
1 parent 7aa669e
commit 5f7e441
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 41 deletions.
diff --git a/zimbra/src/main/java/fr/openent/zimbra/controllers/ZimbraController.java b/zimbra/src/main/java/fr/openent/zimbra/controllers/ZimbraController.java
@@ -19,6 +19,7 @@
 
 import fr.openent.zimbra.Zimbra;
 import fr.openent.zimbra.core.constants.Field;
+import fr.openent.zimbra.core.constants.RecallRights;
 import fr.openent.zimbra.core.enums.TaskStatus;
 import fr.openent.zimbra.filters.AccessibleDocFilter;
 import fr.openent.zimbra.filters.DevLevelFilter;
@@ -35,7 +36,6 @@
 import fr.openent.zimbra.security.ExpertAccess;
 import fr.openent.zimbra.security.RecallFilter;
 import fr.openent.zimbra.security.WorkflowActionUtils;
-import fr.openent.zimbra.security.WorkflowActions;
 import fr.openent.zimbra.tasks.service.RecallMailService;
 import fr.openent.zimbra.service.data.SearchService;
 import fr.openent.zimbra.tasks.service.impl.ICalQueueServiceImpl;
@@ -138,6 +138,10 @@ public void init(Vertx vertx, JsonObject config, RouteMatcher rm,
         this.sqlICalTaskService = serviceManager.getSqlICalTaskService();
     }
 
+    @SecuredAction(RecallRights.ZIMBRA_RECALL_ADMIN)
+    public void initRecallAdminRight(final HttpServerRequest request) {
+    }
+
     @Get("zimbra")
     @SecuredAction("zimbra.view")
     public void view(HttpServerRequest request) {
@@ -421,7 +425,8 @@ public void recallMail(final HttpServerRequest request) {
     }
 
     @Put("/recall/:id/accept")
-    @SecuredAction(value = "zimbra.recall.admin", type = ActionType.WORKFLOW)
+    @SecuredAction(value = "", type = ActionType.RESOURCE)
+    @ResourceFilter(RecallFilter.class)
     public void acceptRecall(HttpServerRequest request) {
         try {
             int recallId = Integer.parseInt(request.getParam(Field.ID));
@@ -1384,7 +1389,7 @@ public void zimbraEventBusHandler(Message<JsonObject> message) {
                 String userId = body.getString(Field.USERID, null);
                 if (userId !=  null) {
                     UserUtils.getUserInfos(eb, userId, user -> {
-                        Boolean hasExpertRight = WorkflowActionUtils.hasRight(user, WorkflowActions.EXPERT_ACCESS_RIGHT.toString());
+                        Boolean hasExpertRight = WorkflowActionUtils.hasRight(user, RecallRights.ZIMBRA_RECALL_EXPERT);
                         if (Boolean.TRUE.equals(hasExpertRight)) {
                             Action<ICalTask> icalAction = new Action<>(UUID.fromString(userId), fr.openent.zimbra.core.enums.ActionType.ICAL, false);
 

diff --git a/zimbra/src/main/java/fr/openent/zimbra/core/constants/RecallRights.java b/zimbra/src/main/java/fr/openent/zimbra/core/constants/RecallRights.java
@@ -0,0 +1,8 @@
+package fr.openent.zimbra.core.constants;
+
+public class RecallRights {
+    public static final String ZIMBRA_RECALL_ADMIN = "zimbra.recall.admin";
+    public static final String ZIMBRA_RECALL_ACCEPT = "zimbra.recall.accept";
+    public static final String ZIMBRA_RECALL_RIGHT = "zimbra.recall.right";
+    public static final String ZIMBRA_RECALL_EXPERT = "zimbra.expert";
+}
diff --git a/zimbra/src/main/java/fr/openent/zimbra/security/ExpertAccess.java b/zimbra/src/main/java/fr/openent/zimbra/security/ExpertAccess.java
@@ -18,6 +18,7 @@
 package fr.openent.zimbra.security;
 
 
+import fr.openent.zimbra.core.constants.RecallRights;
 import fr.wseduc.webutils.http.Binding;
 import org.entcore.common.http.filter.ResourcesProvider;
 import org.entcore.common.user.UserInfos;
@@ -30,7 +31,7 @@ public class ExpertAccess implements ResourcesProvider {
     public void authorize(HttpServerRequest request, Binding binding, UserInfos user,
                           Handler<Boolean> handler) {
 
-        if (WorkflowActionUtils.hasRight(user, WorkflowActions.EXPERT_ACCESS_RIGHT.toString())) {
+        if (WorkflowActionUtils.hasRight(user, RecallRights.ZIMBRA_RECALL_EXPERT)) {
             handler.handle(true);
         } else {
             handler.handle(false);

diff --git a/zimbra/src/main/java/fr/openent/zimbra/security/RecallFilter.java b/zimbra/src/main/java/fr/openent/zimbra/security/RecallFilter.java
@@ -1,5 +1,6 @@
 package fr.openent.zimbra.security;
 
+import fr.openent.zimbra.core.constants.RecallRights;
 import fr.wseduc.webutils.http.Binding;
 import io.vertx.core.Handler;
 import io.vertx.core.http.HttpServerRequest;
@@ -11,7 +12,7 @@ public class RecallFilter implements ResourcesProvider {
     @Override
     public void authorize(HttpServerRequest request, Binding binding, UserInfos user,
                           Handler<Boolean> handler) {
-        handler.handle(WorkflowActionUtils.hasRight(user, WorkflowActions.RECALL_ADMIN.toString()));
+        handler.handle(WorkflowActionUtils.hasRight(user, RecallRights.ZIMBRA_RECALL_ADMIN) || user.isADMC() || user.isADML());
     }
 
 }
diff --git a/zimbra/src/main/java/fr/openent/zimbra/security/WorkflowActions.java b/zimbra/src/main/java/fr/openent/zimbra/security/WorkflowActions.java