/**
  * returns true if grantee {@code gt} can be granted Admin Rights
  *
  * <p>Note: - system admins cannot receive grants - they don't need any
  *
  * @param gt
  * @param grantee
  * @return
  */
 static boolean isValidGranteeForAdminRights(GranteeType gt, NamedEntry grantee) {
   if (gt == GranteeType.GT_USER) {
     return (!grantee.getBooleanAttr(Provisioning.A_zimbraIsAdminAccount, false)
         && grantee.getBooleanAttr(Provisioning.A_zimbraIsDelegatedAdminAccount, false));
   } else if (gt == GranteeType.GT_GROUP) {
     return grantee.getBooleanAttr(Provisioning.A_zimbraIsAdminGroup, false);
   } else if (gt == GranteeType.GT_EXT_GROUP) {
     return true;
   } else {
     return false;
   }
 }
    // public only for unit test. TODO: cleanup unit test
    public Grantee(NamedEntry grantee, boolean adminOnly) throws ServiceException {
      super(grantee);

      Provisioning prov = grantee.getProvisioning();
      GroupMembership granteeGroups = null;

      if (grantee instanceof Account) {
        mGranteeType = GranteeType.GT_USER;
        mGranteeDomain = prov.getDomain((Account) grantee);
        granteeGroups = prov.getGroupMembership((Account) grantee, adminOnly);

      } else if (grantee instanceof DistributionList) {
        mGranteeType = GranteeType.GT_GROUP;
        mGranteeDomain = prov.getDomain((DistributionList) grantee);
        granteeGroups = prov.getGroupMembership((DistributionList) grantee, adminOnly);

      } else if (grantee instanceof DynamicGroup) {
        mGranteeType = GranteeType.GT_GROUP;
        mGranteeDomain = prov.getDomain((DynamicGroup) grantee);
        // no need to get membership for dynamic groups
        // dynamic groups cannot be nested, either as a members in another
        // dynamic group or a distribution list

      } else {
        if (adminOnly) {
          throw ServiceException.INVALID_REQUEST("invalid grantee type", null);
        } else {
          if (grantee instanceof Domain) {
            mGranteeType = GranteeType.GT_DOMAIN;
            mGranteeDomain = (Domain) grantee;
          }
        }
      }

      if (adminOnly) {
        if (!RightBearer.isValidGranteeForAdminRights(mGranteeType, grantee)) {
          throw ServiceException.INVALID_REQUEST("invalid grantee", null);
        }
      }

      if (mGranteeDomain == null) {
        throw ServiceException.FAILURE("internal error, cannot get domain for grantee", null);
      }

      // setup grantees ids
      mIdAndGroupIds = new HashSet<String>();
      mIdAndGroupIds.add(grantee.getId());
      if (granteeGroups != null) {
        mIdAndGroupIds.addAll(granteeGroups.groupIds());
      }
    }
 String getName() {
   return mRightBearer.getName();
 }
 String getId() {
   return mRightBearer.getId();
 }