in mailbox/api/src/main/java/org/apache/james/mailbox/acl/UnionMailboxACLResolver.java [129:214]
protected static boolean applies(EntryKey aclKey, EntryKey queryKey, Username resourceOwner) {
final String aclKeyName = aclKey.getName();
final NameType aclKeyNameType = aclKey.getNameType();
if (SpecialName.anyone.name().equals(aclKeyName)) {
/* this works also for unauthenticated users */
return true;
} else if (queryKey != null) {
String queryUserOrGroupName = queryKey.getName();
switch (queryKey.getNameType()) {
case user:
/* Authenticated users */
switch (aclKeyNameType) {
case special:
if (SpecialName.authenticated.name().equals(aclKeyName)) {
/* non-null query user is viewed as authenticated */
return true;
} else if (SpecialName.owner.name().equals(aclKeyName)) {
return queryUserOrGroupName.equals(resourceOwner.asString());
} else {
/* should not happen unless the parent if is changed */
throw new IllegalStateException("Unexpected " + SpecialName.class.getName() + "." + aclKeyName);
}
case user:
return aclKeyName.equals(queryUserOrGroupName);
default:
throw new IllegalStateException("Unexpected " + NameType.class.getName() + "." + aclKeyNameType);
}
case group:
/* query is a group */
switch (aclKeyNameType) {
case special:
if (SpecialName.authenticated.name().equals(aclKeyName)) {
/*
* see the javadoc comment on listRights()
*/
return true;
} else if (SpecialName.owner.name().equals(aclKeyName)) {
return false;
} else {
/* should not happen unless the parent if is changed */
throw new IllegalStateException("Unexpected " + SpecialName.class.getName() + "." + aclKeyName);
}
case user:
/* query groups cannot match ACL users */
return false;
case group:
return aclKeyName.equals(queryUserOrGroupName);
default:
throw new IllegalStateException("Unexpected " + NameType.class.getName() + "." + aclKeyNameType);
}
case special:
/* query is a special name */
switch (aclKeyNameType) {
case special:
/*
* query owner matches authenticated because owner will
* be resolved only if the user is authenticated
*/
if (aclKeyName.equals(queryUserOrGroupName)) {
/*
* authenticated matches authenticated and owner matches
* owner
*/
return true;
} else {
/*
* query owner matches authenticated because owner will
* be resolved only if the user is authenticated
*/
return SpecialName.owner.name().equals(queryUserOrGroupName) && SpecialName.authenticated.name().equals(aclKeyName);
}
case user:
case group:
/* query specials cannot match ACL users or groups */
return false;
default:
throw new IllegalStateException("Unexpected " + NameType.class.getName() + "." + aclKeyNameType);
}
default:
throw new IllegalStateException("Unexpected " + NameType.class.getName() + "." + queryKey.getNameType());
}
} else {
/* non-anyone ACL keys do not match non-authenticated queries */
return false;
}
}