Class AuthenticatedRegistrarAccessor


@Immutable public class AuthenticatedRegistrarAccessor extends Object
Allows access only to Registrars the current user has access to.

A user has OWNER role on a Registrar if there exists a mapping to the registrar in its UserRoles map, regardless of the role.

An "admin" has, in addition, OWNER role on #registryAdminRegistrarId and to all non-REAL registrars (see RegistrarBase.getType()).

An "admin" also has ADMIN role on ALL registrars.

A user is an "admin" if it has global admin permission, or if their email is in the "Support" G Suite group.

NOTE: to check whether the user is in the "Support" G Suite group, we need a connection to G Suite. This, in turn, requires us to have valid JsonCredentials, which not all environments have set up. This connection will be created lazily (only if needed).

Specifically, we don't instantiate the connection if: (a) gSuiteSupportGroupEmailAddress isn't defined, or (b) the user is logged out, or (c) the user is an admin.