public interface MailboxACLResolver
Modifier and Type | Method and Description |
---|---|
MailboxACL | applyGlobalACL(MailboxACL resourceACL, boolean resourceOwnerIsGroup) Applies global ACL to the given resourceACL. |
boolean | hasRight(String requestUser, GroupMembershipResolver groupMembershipResolver, MailboxACL.MailboxACLRight right, MailboxACL resourceACL, String resourceOwner, boolean resourceOwnerIsGroup) Tells whether the given user has the given right granted on the basis of the given resourceACL. |
boolean | isReadWrite(MailboxACL.MailboxACLRights mailboxACLRights, javax.mail.Flags sharedFlags) Maps the given mailboxACLRights to READ-WRITE and READ-ONLY response codes. |
MailboxACL.MailboxACLRights[] | listRights(MailboxACL.MailboxACLEntryKey key, GroupMembershipResolver groupMembershipResolver, String resourceOwner, boolean resourceOwnerIsGroup) Computes a result suitable for the LISTRIGHTS IMAP command. |
MailboxACL.MailboxACLRights | resolveRights(String requestUser, GroupMembershipResolver groupMembershipResolver, MailboxACL resourceACL, String resourceOwner, boolean resourceOwnerIsGroup) Computes the rights which apply to the given user and resource. |

MailboxACL applyGlobalACL(MailboxACL resourceACL, boolean resourceOwnerIsGroup) throws UnsupportedRightException
Applies global ACL to the given resourceACL. From RFC 4314:
An implementation [...] MAY force rights to always or never be granted to
particular identifiers.
Parameters:
resourceACL -
resourceOwnerIsGroup -
Throws:
UnsupportedRightException

boolean hasRight(String requestUser, GroupMembershipResolver groupMembershipResolver, MailboxACL.MailboxACLRight right, MailboxACL resourceACL, String resourceOwner, boolean resourceOwnerIsGroup) throws UnsupportedRightException
Parameters:
requestUser - the user for whom the given right is tested, possibly null when there is no authenticated user in the given context.
groupMembershipResolver - this resolver is used when checking whether any group rights contained in resourceACL are applicable for the requestUser.
right - the right which will be proven to apply for the given requestUser.
resourceACL - the ACL defining the access right for the resource in question.
resourceOwner - this user name is used as a replacement for the "owner" placeholder in the resourceACL.
resourceOwnerIsGroup - true if the resourceOwner is a group of users, false otherwise.
Throws:
UnsupportedRightException

boolean isReadWrite(MailboxACL.MailboxACLRights mailboxACLRights, javax.mail.Flags sharedFlags) throws UnsupportedRightException
Maps the given mailboxACLRights to READ-WRITE and READ-ONLY response codes.
From RFC 4314 section 5.2:
The server SHOULD include a READ-WRITE response code in the tagged OK
response if at least one of the "i", "e", or "shared flag rights"(***) is
granted to the current user.
The server MUST include a READ-ONLY response code in the tagged OK
response to a SELECT command if none of the following rights is granted
to the current user: "i", "e", and "shared flag rights"(***).
Parameters:
mailboxACLRights - the rights applicable to the user and resource in question. This method supposes that any global ACLs were already applied to the mailboxACLRights parameter before this method is called.
sharedFlags - From RFC 4314 section 5.2: If the ACL server implements some
flags as shared for a mailbox (i.e., the ACL for the mailbox
MAY be set up so that changes to those flags are visible to
another user), let’s call the set of rights associated with
these flags (as described in Section 4) for that mailbox
collectively as "shared flag rights". Note that the
"shared flag rights" set MAY be different for different
mailboxes.
If the server doesn’t support "shared multiuser write access"
to a mailbox or doesn’t implement shared flags on the mailbox,
"shared flag rights" for the mailbox is defined to be the
empty set.
Throws:
UnsupportedRightException

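The RFC 4314 section 5.2 rule quoted above, worked through as an added example; this is not Apache James code. The class `ReadWriteDemo`, the `Flag` enum and the rights-as-string representation are assumptions made for illustration (the real method takes `MailboxACL.MailboxACLRights` and `javax.mail.Flags`), and the flag-to-right mapping follows RFC 4314 section 4.

```java
import java.util.EnumSet;
import java.util.Set;

public class ReadWriteDemo {
    // Hypothetical stand-in for the IMAP system flags a server may treat as shared.
    enum Flag { SEEN, DELETED, ANSWERED, FLAGGED, DRAFT }

    // RFC 4314 section 4: 's' guards \Seen, 't' guards \Deleted,
    // 'w' guards every other flag.
    static char rightFor(Flag flag) {
        switch (flag) {
            case SEEN:    return 's';
            case DELETED: return 't';
            default:      return 'w';
        }
    }

    // READ-WRITE when 'i', 'e' or at least one "shared flag right" is granted.
    // Rights guarding flags that are NOT shared on this mailbox do not count.
    // Assumes global ACLs were already applied to `rights`.
    static boolean isReadWrite(String rights, Set<Flag> sharedFlags) {
        if (rights.indexOf('i') >= 0 || rights.indexOf('e') >= 0) {
            return true;
        }
        for (Flag flag : sharedFlags) {
            if (rights.indexOf(rightFor(flag)) >= 0) {
                return true;
            }
        }
        return false;
    }

    static String code(String rights, Set<Flag> sharedFlags) {
        return isReadWrite(rights, sharedFlags) ? "READ-WRITE" : "READ-ONLY";
    }

    public static void main(String[] args) {
        Set<Flag> noShared = EnumSet.noneOf(Flag.class);           // empty "shared flag rights"
        Set<Flag> shared = EnumSet.of(Flag.SEEN, Flag.FLAGGED);    // \Seen and \Flagged shared
        String[] samples = { "lr", "lrs", "lrw", "lrt", "lri", "lre" }; // constructed rights
        for (String rights : samples) {
            System.out.printf("%-4s no shared flags: %-10s shared Seen+Flagged: %s%n",
                    rights, code(rights, noShared), code(rights, shared));
        }
    }
}
```

The cases worth noting are `lrs` and `lrt`: holding a flag right yields READ-WRITE only when the flag it guards is in the mailbox's shared set, so the same ACL can map to different response codes on different mailboxes.
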
MailboxACL.MailboxACLRights[] listRights(MailboxACL.MailboxACLEntryKey key, GroupMembershipResolver groupMembershipResolver, String resourceOwner, boolean resourceOwnerIsGroup) throws UnsupportedRightException
Parameters:
key - the identifier from the LISTRIGHTS command
groupMembershipResolver -
resourceOwner - the owner of the mailbox named in the LISTRIGHTS command. User name or group name.
resourceOwnerIsGroup - true if the resourceOwner is a group of users, false otherwise.
Returns:
MailboxACL.MailboxACLRights. The first element is the
set of implicit (global) rights which do not need to be set
explicitly for the given identifier. Further elements are groups
of rights which can be set for the given identifier and resource.
Throws:
UnsupportedRightException

MailboxACL.MailboxACLRights resolveRights(String requestUser, GroupMembershipResolver groupMembershipResolver, MailboxACL resourceACL, String resourceOwner, boolean resourceOwnerIsGroup) throws UnsupportedRightException
Parameters:
requestUser - the user for whom the rights are computed, possibly null when there is no authenticated user in the given context.
groupMembershipResolver - this resolver is used when checking whether any group rights contained in resourceACL are applicable for the requestUser.
resourceACL - the ACL defining the access right for the resource in question.
resourceOwner - this user name is used as a replacement for the "owner" placeholder in the resourceACL.
resourceOwnerIsGroup - true if the resourceOwner is a group of users, false otherwise.
Throws:
UnsupportedRightException

Copyright © 2010-2012 The Apache Software Foundation. All Rights Reserved.