/**
* returns true if grantee {@code gt} can be granted Admin Rights
*
* <p>Note: - system admins cannot receive grants - they don't need any
*
* @param gt
* @param grantee
* @return
*/
static boolean isValidGranteeForAdminRights(GranteeType gt, NamedEntry grantee) {
if (gt == GranteeType.GT_USER) {
return (!grantee.getBooleanAttr(Provisioning.A_zimbraIsAdminAccount, false)
&& grantee.getBooleanAttr(Provisioning.A_zimbraIsDelegatedAdminAccount, false));
} else if (gt == GranteeType.GT_GROUP) {
return grantee.getBooleanAttr(Provisioning.A_zimbraIsAdminGroup, false);
} else if (gt == GranteeType.GT_EXT_GROUP) {
return true;
} else {
return false;
}
}
// public only for unit test. TODO: cleanup unit test
public Grantee(NamedEntry grantee, boolean adminOnly) throws ServiceException {
super(grantee);
Provisioning prov = grantee.getProvisioning();
GroupMembership granteeGroups = null;
if (grantee instanceof Account) {
mGranteeType = GranteeType.GT_USER;
mGranteeDomain = prov.getDomain((Account) grantee);
granteeGroups = prov.getGroupMembership((Account) grantee, adminOnly);
} else if (grantee instanceof DistributionList) {
mGranteeType = GranteeType.GT_GROUP;
mGranteeDomain = prov.getDomain((DistributionList) grantee);
granteeGroups = prov.getGroupMembership((DistributionList) grantee, adminOnly);
} else if (grantee instanceof DynamicGroup) {
mGranteeType = GranteeType.GT_GROUP;
mGranteeDomain = prov.getDomain((DynamicGroup) grantee);
// no need to get membership for dynamic groups
// dynamic groups cannot be nested, either as a members in another
// dynamic group or a distribution list
} else {
if (adminOnly) {
throw ServiceException.INVALID_REQUEST("invalid grantee type", null);
} else {
if (grantee instanceof Domain) {
mGranteeType = GranteeType.GT_DOMAIN;
mGranteeDomain = (Domain) grantee;
}
}
}
if (adminOnly) {
if (!RightBearer.isValidGranteeForAdminRights(mGranteeType, grantee)) {
throw ServiceException.INVALID_REQUEST("invalid grantee", null);
}
}
if (mGranteeDomain == null) {
throw ServiceException.FAILURE("internal error, cannot get domain for grantee", null);
}
// setup grantees ids
mIdAndGroupIds = new HashSet<String>();
mIdAndGroupIds.add(grantee.getId());
if (granteeGroups != null) {
mIdAndGroupIds.addAll(granteeGroups.groupIds());
}
}
String getName() {
return mRightBearer.getName();
}
String getId() {
return mRightBearer.getId();
}