ZCS-12877: flush cache on all servers after grant or revoke global ri…

…ghts

store/src/java/com/zimbra/cs/service/admin/GrantRight.java

@@ -56,19 +56,22 @@ public Element handle(Element request, Map<String, Object> context) throws Servi
         RightCommand.grantRight(Provisioning.getInstance(), getAuthenticatedAccount(zsc), erTargSel,
                                 grReq.getGrantee(), modifierInfo.getValue(), rightModifier);
         // Bug 100965 Avoid Cross server delegate admin being broken after initial creation due to stale caches
-        if (com.zimbra.soap.type.TargetType.domain == erTargSel.getType()) {
+        if (com.zimbra.soap.type.TargetType.domain == erTargSel.getType() || com.zimbra.soap.type.TargetType.global == erTargSel.getType()) {
             TargetBy by = erTargSel.getBy();
-            if ((TargetBy.id == by) || (TargetBy.name == by)) {
-                CacheSelector cacheSel = new CacheSelector(true /* allServers */, CacheEntryType.domain.toString());
-                CacheEntrySelector ceSel = new CacheEntrySelector(
-                        (TargetBy.id == erTargSel.getBy()) ? CacheEntryBy.id : CacheEntryBy.name, erTargSel.getValue());
-                cacheSel.addEntry(ceSel);
+            if ((TargetBy.id == by) || (TargetBy.name == by) || (com.zimbra.soap.type.TargetType.global == erTargSel.getType())) {
+                CacheSelector cacheSel = new CacheSelector(true /* allServers */,
+                        (erTargSel.getType() == com.zimbra.soap.type.TargetType.global) ? CacheEntryType.globalgrant.toString() : erTargSel.getType().toString());
+                if (com.zimbra.soap.type.TargetType.domain == erTargSel.getType()) {
+                    CacheEntrySelector ceSel = new CacheEntrySelector(
+                            (TargetBy.id == erTargSel.getBy()) ? CacheEntryBy.id : CacheEntryBy.name, erTargSel.getValue());
+                    cacheSel.addEntry(ceSel);
+                }
                 FlushCacheRequest fcReq = new FlushCacheRequest(cacheSel);
                 try {
                     FlushCache.doFlushCache(this, context, fcReq);
                 } catch (ServiceException se) {
-                    ZimbraLog.acl.info("Problem flushing acl cache for domain %s/%s after granting rights",
-                            erTargSel.getBy(), erTargSel.getValue(), se);
+                    ZimbraLog.acl.warn("Problem flushing acl cache for %s %s/%s after granting rights",
+                            erTargSel.getType().toString(), erTargSel.getBy(), erTargSel.getValue(), se);
                 }
             }
         }

store/src/java/com/zimbra/cs/service/admin/RevokeRight.java

@@ -22,13 +22,18 @@
 import com.zimbra.common.service.ServiceException;
 import com.zimbra.common.soap.AdminConstants;
 import com.zimbra.common.soap.Element;
+import com.zimbra.common.util.ZimbraLog;
 import com.zimbra.cs.account.Provisioning;
 import com.zimbra.cs.account.accesscontrol.AdminRight;
 import com.zimbra.cs.account.accesscontrol.RightCommand;
 import com.zimbra.cs.account.accesscontrol.RightModifier;
 import com.zimbra.soap.JaxbUtil;
 import com.zimbra.soap.ZimbraSoapContext;
+import com.zimbra.soap.admin.message.FlushCacheRequest;
 import com.zimbra.soap.admin.message.RevokeRightRequest;
+import com.zimbra.soap.admin.type.CacheEntryType;
+import com.zimbra.soap.admin.type.CacheSelector;
+import com.zimbra.soap.admin.type.EffectiveRightsTargetSelector;
 
 public class RevokeRight extends RightDocumentHandler {
 
@@ -43,6 +48,17 @@ public Element handle(Element request, Map<String, Object> context) throws Servi
 
         RightCommand.revokeRight(Provisioning.getInstance(), getAuthenticatedAccount(zsc), rrReq.getTarget(),
                                 rrReq.getGrantee(), rrReq.getRight().getValue(), rightModifier);
+        EffectiveRightsTargetSelector erTargSel = rrReq.getTarget();
+        if (com.zimbra.soap.type.TargetType.global == erTargSel.getType()) {
+            CacheSelector cacheSel = new CacheSelector(true /* allServers */, CacheEntryType.globalgrant.toString());
+            FlushCacheRequest fcReq = new FlushCacheRequest(cacheSel);
+            try {
+                FlushCache.doFlushCache(this, context, fcReq);
+            } catch (ServiceException se) {
+                ZimbraLog.acl.warn("Problem flushing acl cache for global %s/%s after revoking rights",
+                        erTargSel.getBy(), erTargSel.getValue(), se);
+            }
+        }
 
         Element response = zsc.createElement(AdminConstants.REVOKE_RIGHT_RESPONSE);
         return response;