int acl_object_have_right(struct acl_object *aclobj, unsigned int right_idx)
{
struct acl_backend *backend = aclobj->backend;
const struct acl_mask *have_mask;
unsigned int read_idx;
if (backend->v.object_refresh_cache(aclobj) < 0)
return -1;
have_mask = acl_cache_get_my_rights(backend->cache, aclobj->name);
if (have_mask == NULL) {
if (acl_backend_get_default_rights(backend, &have_mask) < 0)
return -1;
}
if (acl_cache_mask_isset(have_mask, right_idx))
return 1;
if (mailbox_list_get_user(aclobj->backend->list)->dsyncing) {
/* when dsync is running on a shared mailbox, it must be able
to do everything inside it. however, dsync shouldn't touch
mailboxes where user doesn't have any read access, because
that could make them readable on the replica. */
read_idx = acl_backend_lookup_right(aclobj->backend,
MAIL_ACL_READ);
if (acl_cache_mask_isset(have_mask, read_idx))
return 1;
}
return 0;
}
static void acl_storage_rights_ctx_init(struct acl_storage_rights_context *ctx,
struct acl_backend *backend)
{
unsigned int i;
ctx->backend = backend;
for (i = 0; i < ACL_STORAGE_RIGHT_COUNT; i++) {
ctx->acl_storage_right_idx[i] =
acl_backend_lookup_right(backend,
acl_storage_right_names[i]);
}
}
