mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

coulbeck
12.22.2007 345fecc0f5ac93f4415cb96f53003b046fea4d8b
Add support for subordinate subtree to ACI.
3 files modified
24 ■■■■■ changed files
opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java 17 ●●●●
opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java 6 ●●●●●
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java 1 ●●●●
opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
@@ -321,9 +321,6 @@
                              targetScope, targAttrFilters);
    }
    /*
     * TODO Add support for the SearchScope.SUBORDINATE_SUBTREE scope.
     */
    /**
     * Evaluates a provided scope string and returns an appropriate
     * SearchScope enumeration.
@@ -340,6 +337,8 @@
            return SearchScope.SINGLE_LEVEL;
        else if(expression.equalsIgnoreCase("subtree"))
            return SearchScope.WHOLE_SUBTREE;
        else if(expression.equalsIgnoreCase("subordinate"))
            return SearchScope.SUBORDINATE_SUBTREE;
        else {
            int msgID =
                MSGID_ACI_SYNTAX_INVALID_TARGETSCOPE_EXPRESSION;
@@ -501,12 +500,12 @@
            if(!entryDN.isDescendantOf(targetDN))
                return false;
            break;
        /*
         * TODO Add support for the SearchScope.SUBORDINATE_SUBTREE scope.
         *
         * The isTargetApplicable method doesn't account for the subordinate
         * subtree search scope.
        */
        case SUBORDINATE_SUBTREE:
            if ((entryDN.getNumComponents() <= targetDN.getNumComponents()) ||
                 !entryDN.isDescendantOf(targetDN)) {
              return false;
            }
            break;
        default:
            return false;
        }
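Review bot: The new `case SUBORDINATE_SUBTREE:` in the third hunk replaces the TODO with a two-part test, but no comment says why the component-count comparison is needed. It reads as though `isDescendantOf` alone would accept the target entry itself, which is the one entry this scope must exclude (inferred, since `isDescendantOf` is not shown). Because this decides whether an ACI applies to an entry, I would state it on the case: `// Strict descendants only: the target entry itself is outside a subordinate scope.` The same condition is repeated on the client DN in UserDN.java in this commit, so one shared helper would keep the two access checks from drifting apart. The enclosing switch and method start outside the hunk.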
opends/src/server/org/opends/server/authorization/dseecompat/UserDN.java
@@ -343,6 +343,12 @@
            DN parent=evalCtx.getClientDN().getParent();
            if((parent != null) && !parent.equals(urlDN))
                return EnumEvalResult.FALSE;
        } else if(scope == SearchScope.SUBORDINATE_SUBTREE) {
            DN userDN = evalCtx.getClientDN();
            if ((userDN.getNumComponents() <= urlDN.getNumComponents()) ||
                 !userDN.isDescendantOf(urlDN)) {
              return EnumEvalResult.FALSE;
            }
        } else {
            if(!evalCtx.getClientDN().equals(urlDN))
                return EnumEvalResult.FALSE;
opends/tests/unit-tests-testng/src/server/org/opends/server/authorization/dseecompat/AciTests.java
@@ -515,6 +515,7 @@
    buildAciValue("name", "w/ targetScope", "targetScope", "base", "allow (write)", BIND_RULE_USERDN_SELF),
    buildAciValue("name", "w/ targetScope", "targetScope", "onelevel", "allow (write)", BIND_RULE_USERDN_SELF),
    buildAciValue("name", "w/ targetScope", "targetScope", "subtree", "allow (write)", BIND_RULE_USERDN_SELF),
    buildAciValue("name", "w/ targetScope", "targetScope", "subordinate", "allow (write)", BIND_RULE_USERDN_SELF),
    buildAciValue("name", "w/ !target", "target!=", LDAP_URL_OU_INNER, "allow (write)", BIND_RULE_USERDN_SELF),
    buildAciValue("name", "w/ 1 !targetattr", "targetattr!=", "cn", "allow (write)", BIND_RULE_USERDN_SELF),
    buildAciValue("name", "w/ 2 !targetattr", "targetattr!=", "cn || sn", "allow (write)", BIND_RULE_USERDN_SELF),
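Review bot: The added `"subordinate"` row sits among `targetScope` values that all use the same permission and bind rule, so it appears to check only that the keyword parses, not how the scope is evaluated. Nothing in this commit tests that an ACI with a `subordinate` target scope skips the target entry and applies to an entry below it, nor the new `SearchScope.SUBORDINATE_SUBTREE` branch in UserDN.java. Both are access decisions where a mistake on the base entry silently changes who is allowed to write, so I would add evaluation cases for the base entry (no match) and for a child entry (match). The array this row belongs to starts and ends outside the hunk.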