Add new ACI keyword "extop" that can be used to enforce access based on the...

dugan

26.12.2007 3f02855a9202d146ec2e87a7568180caec938235

 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java

@@ -1195,7 +1195,8 @@
    if(!(ret=skipAccessCheck(op))) {
      Entry e = new Entry(entryDN, null, null, null);
      AciLDAPOperationContainer operationContainer =
              new AciLDAPOperationContainer(op, e, control.getOID());
              new AciLDAPOperationContainer(op, e, control,
                                            (ACI_READ | ACI_CONTROL));
      ret=accessAllowed(operationContainer);
    }
    if(control.getOID().equals(OID_PROXIED_AUTH_V2) ||
@@ -1218,6 +1219,27 @@
    return ret;
  }


  /**
   * {@inheritDoc}
   */
  @Override
  public boolean isAllowed(ExtendedOperation operation) {
    boolean ret;
    if(!(ret=skipAccessCheck(operation))) {
      Entry e = new Entry(operation.getAuthorizationDN(), null, null, null);
      AciLDAPOperationContainer operationContainer =
         new AciLDAPOperationContainer(operation, e, (ACI_READ | ACI_EXT_OP));
      ret=accessAllowed(operationContainer);
    }
    if(operation.getRequestOID().equals(OID_PROXIED_AUTH_V2) ||
            operation.getRequestOID().equals(OID_PROXIED_AUTH_V1))
       operation.
              setAttachment(ORIG_AUTH_ENTRY, operation.getAuthorizationEntry());
    return ret;
  }


  //Not planned to be implemented methods.

   /**
@@ -1243,15 +1265,6 @@
   * {@inheritDoc}
   */
  @Override
  public boolean isAllowed(ExtendedOperation extendedOperation) {
      //Not planned to be implemented.
      return true;
  }

  /**
   * {@inheritDoc}
   */
  @Override
  public boolean isAllowed(LocalBackendSearchOperation searchOperation) {
      //Not planned to be implemented.
      return true;