external-software/github_OpenIdentityPlatform_OpenDJ.git

parent: b18ba9bd | patch | commit | ignore whitespace

Eliminate the search-unindexed privilege, since the feature was implemented...

neil_a_wilson

08.32.2007 d222a3233db88e0931f260fc598938b17eaf8e24

Eliminate the search-unindexed privilege, since the feature was implemented to
use a privilege of "unindexed-search" instead.  Also, eliminate the
index-rebuild privilege and fold all of its functionality into ldif-import,
since having a separate privilege for it doesn't provide much benefit and
creates additional administrative overhead.

OpenDS Issue Numbers:  1765, 1776

4 files modified

	opends/resource/config/config.ldif	2 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/tasks/RebuildTask.java	2 ●●●●● patch \| view \| raw \| blame \| history
	opends/src/server/org/opends/server/types/Privilege.java	22 ●●●●● patch \| view \| raw \| blame \| history
	opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java	6 ●●●●● patch \| view \| raw \| blame \| history

 opends/resource/config/config.ldif

@@ -1310,11 +1310,9 @@
ds-cfg-default-root-privilege-name: server-restart
ds-cfg-default-root-privilege-name: disconnect-client
ds-cfg-default-root-privilege-name: cancel-request
ds-cfg-default-root-privilege-name: search-unindexed
ds-cfg-default-root-privilege-name: password-reset
ds-cfg-default-root-privilege-name: update-schema
ds-cfg-default-root-privilege-name: privilege-change
ds-cfg-default-root-privilege-name: index-rebuild
ds-cfg-default-root-privilege-name: unindexed-search

dn: cn=Directory Manager,cn=Root DNs,cn=config

 opends/src/server/org/opends/server/tasks/RebuildTask.java

@@ -104,7 +104,7 @@
    if (operation != null)
    {
      ClientConnection clientConnection = operation.getClientConnection();
      if (! clientConnection.hasPrivilege(Privilege.INDEX_REBUILD, operation))
      if (! clientConnection.hasPrivilege(Privilege.LDIF_IMPORT, operation))
      {
        int    msgID   = MSGID_TASK_INDEXREBUILD_INSUFFICIENT_PRIVILEGES;
        String message = getMessage(msgID);

 opends/src/server/org/opends/server/types/Privilege.java

@@ -171,14 +171,6 @@


  /**
   * The privilege that provides the ability to request unindexed
   * searches.
   */
  SEARCH_UNINDEXED("search-unindexed"),



  /**
   * The privilege that provides the ability to reset user passwords.
   */
  PASSWORD_RESET("password-reset"),
@@ -211,14 +203,6 @@


  /**
   * The privilege that provides the ability to rebuild one or more
   * indexes in a backend that supports indexing.
   */
  INDEX_REBUILD("index-rebuild"),



  /**
   * The privilege that provides the ability to perform an unindexed
   * search in the JE backend.
   */
@@ -276,12 +260,10 @@
    PRIV_MAP.put("proxied-auth", PROXIED_AUTH);
    PRIV_MAP.put("disconnect-client", DISCONNECT_CLIENT);
    PRIV_MAP.put("cancel-request", CANCEL_REQUEST);
    PRIV_MAP.put("search-unindexed", SEARCH_UNINDEXED);
    PRIV_MAP.put("password-reset", PASSWORD_RESET);
    PRIV_MAP.put("data-sync", DATA_SYNC);
    PRIV_MAP.put("update-schema", UPDATE_SCHEMA);
    PRIV_MAP.put("privilege-change", PRIVILEGE_CHANGE);
    PRIV_MAP.put("index-rebuild", INDEX_REBUILD);
    PRIV_MAP.put("unindexed-search", UNINDEXED_SEARCH);

    PRIV_NAMES.add("bypass-acl");
@@ -300,12 +282,10 @@
    PRIV_NAMES.add("proxied-auth");
    PRIV_NAMES.add("disconnect-client");
    PRIV_NAMES.add("cancel-request");
    PRIV_NAMES.add("search-unindexed");
    PRIV_NAMES.add("password-reset");
    PRIV_NAMES.add("data-sync");
    PRIV_NAMES.add("update-schema");
    PRIV_NAMES.add("privilege-change");
    PRIV_NAMES.add("index-rebuild");
    PRIV_NAMES.add("unindexed-search");

    DEFAULT_ROOT_PRIV_SET.add(BYPASS_ACL);
@@ -320,11 +300,9 @@
    DEFAULT_ROOT_PRIV_SET.add(SERVER_RESTART);
    DEFAULT_ROOT_PRIV_SET.add(DISCONNECT_CLIENT);
    DEFAULT_ROOT_PRIV_SET.add(CANCEL_REQUEST);
    DEFAULT_ROOT_PRIV_SET.add(SEARCH_UNINDEXED);
    DEFAULT_ROOT_PRIV_SET.add(PASSWORD_RESET);
    DEFAULT_ROOT_PRIV_SET.add(UPDATE_SCHEMA);
    DEFAULT_ROOT_PRIV_SET.add(PRIVILEGE_CHANGE);
    DEFAULT_ROOT_PRIV_SET.add(INDEX_REBUILD);
    DEFAULT_ROOT_PRIV_SET.add(UNINDEXED_SEARCH);
  }


 opends/tests/unit-tests-testng/src/server/org/opends/server/types/PrivilegeTestCase.java

@@ -135,7 +135,6 @@
      "ds-privilege-name: -ldif-export",
      "ds-privilege-name: -backend-backup",
      "ds-privilege-name: -backend-restore",
      "ds-privilege-name: -index-rebuild",
      "ds-privilege-name: -unindexed-search",
      "",
      "dn: cn=Proxy Root,cn=Root DNs,cn=config",
@@ -171,7 +170,6 @@
      "ds-privilege-name: backend-restore",
      "ds-privilege-name: proxied-auth",
      "ds-privilege-name: bypass-acl",
      "ds-privilege-name: index-rebuild",
      "ds-privilege-name: unindexed-search",
      "ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
           "cn=Password Policies,cn=config",
@@ -1093,7 +1091,7 @@

  /**
   * Test to ensure that attempts to rebuild indexes will property respect
   * the INDEX_REBUILD privilege.
   * the LDIF_IMPORT privilege.
   *
   * @param conn The client connection to use to perform the rebuild.
   * @param hasPrivilege Indicates weather the authenticated user is
@@ -1106,7 +1104,7 @@
                               boolean hasPrivilege)
      throws Exception
  {
    assertEquals(conn.hasPrivilege(Privilege.INDEX_REBUILD, null), hasPrivilege);
    assertEquals(conn.hasPrivilege(Privilege.LDIF_IMPORT, null), hasPrivilege);

    Entry taskEntry = TestCaseUtils.makeEntry(
      "dn: ds-task-id=" + UUID.randomUUID() + ",cn=Scheduled Tasks,cn=Tasks",

			@@ -1310,11 +1310,9 @@
			ds-cfg-default-root-privilege-name: server-restart
			ds-cfg-default-root-privilege-name: disconnect-client
			ds-cfg-default-root-privilege-name: cancel-request
			ds-cfg-default-root-privilege-name: search-unindexed
			ds-cfg-default-root-privilege-name: password-reset
			ds-cfg-default-root-privilege-name: update-schema
			ds-cfg-default-root-privilege-name: privilege-change
			ds-cfg-default-root-privilege-name: index-rebuild
			ds-cfg-default-root-privilege-name: unindexed-search

			dn: cn=Directory Manager,cn=Root DNs,cn=config

			@@ -104,7 +104,7 @@
			if (operation != null)
			{
			ClientConnection clientConnection = operation.getClientConnection();
			if (! clientConnection.hasPrivilege(Privilege.INDEX_REBUILD, operation))
			if (! clientConnection.hasPrivilege(Privilege.LDIF_IMPORT, operation))
			{
			int msgID = MSGID_TASK_INDEXREBUILD_INSUFFICIENT_PRIVILEGES;
			String message = getMessage(msgID);

			@@ -171,14 +171,6 @@


			/**
			* The privilege that provides the ability to request unindexed
			* searches.
			*/
			SEARCH_UNINDEXED("search-unindexed"),



			/**
			* The privilege that provides the ability to reset user passwords.
			*/
			PASSWORD_RESET("password-reset"),
			@@ -211,14 +203,6 @@


			/**
			* The privilege that provides the ability to rebuild one or more
			* indexes in a backend that supports indexing.
			*/
			INDEX_REBUILD("index-rebuild"),



			/**
			* The privilege that provides the ability to perform an unindexed
			* search in the JE backend.
			*/
			@@ -276,12 +260,10 @@
			PRIV_MAP.put("proxied-auth", PROXIED_AUTH);
			PRIV_MAP.put("disconnect-client", DISCONNECT_CLIENT);
			PRIV_MAP.put("cancel-request", CANCEL_REQUEST);
			PRIV_MAP.put("search-unindexed", SEARCH_UNINDEXED);
			PRIV_MAP.put("password-reset", PASSWORD_RESET);
			PRIV_MAP.put("data-sync", DATA_SYNC);
			PRIV_MAP.put("update-schema", UPDATE_SCHEMA);
			PRIV_MAP.put("privilege-change", PRIVILEGE_CHANGE);
			PRIV_MAP.put("index-rebuild", INDEX_REBUILD);
			PRIV_MAP.put("unindexed-search", UNINDEXED_SEARCH);

			PRIV_NAMES.add("bypass-acl");
			@@ -300,12 +282,10 @@
			PRIV_NAMES.add("proxied-auth");
			PRIV_NAMES.add("disconnect-client");
			PRIV_NAMES.add("cancel-request");
			PRIV_NAMES.add("search-unindexed");
			PRIV_NAMES.add("password-reset");
			PRIV_NAMES.add("data-sync");
			PRIV_NAMES.add("update-schema");
			PRIV_NAMES.add("privilege-change");
			PRIV_NAMES.add("index-rebuild");
			PRIV_NAMES.add("unindexed-search");

			DEFAULT_ROOT_PRIV_SET.add(BYPASS_ACL);
			@@ -320,11 +300,9 @@
			DEFAULT_ROOT_PRIV_SET.add(SERVER_RESTART);
			DEFAULT_ROOT_PRIV_SET.add(DISCONNECT_CLIENT);
			DEFAULT_ROOT_PRIV_SET.add(CANCEL_REQUEST);
			DEFAULT_ROOT_PRIV_SET.add(SEARCH_UNINDEXED);
			DEFAULT_ROOT_PRIV_SET.add(PASSWORD_RESET);
			DEFAULT_ROOT_PRIV_SET.add(UPDATE_SCHEMA);
			DEFAULT_ROOT_PRIV_SET.add(PRIVILEGE_CHANGE);
			DEFAULT_ROOT_PRIV_SET.add(INDEX_REBUILD);
			DEFAULT_ROOT_PRIV_SET.add(UNINDEXED_SEARCH);
			}

			@@ -135,7 +135,6 @@
			"ds-privilege-name: -ldif-export",
			"ds-privilege-name: -backend-backup",
			"ds-privilege-name: -backend-restore",
			"ds-privilege-name: -index-rebuild",
			"ds-privilege-name: -unindexed-search",
			"",
			"dn: cn=Proxy Root,cn=Root DNs,cn=config",
			@@ -171,7 +170,6 @@
			"ds-privilege-name: backend-restore",
			"ds-privilege-name: proxied-auth",
			"ds-privilege-name: bypass-acl",
			"ds-privilege-name: index-rebuild",
			"ds-privilege-name: unindexed-search",
			"ds-pwp-password-policy-dn: cn=Clear UserPassword Policy," +
			"cn=Password Policies,cn=config",
			@@ -1093,7 +1091,7 @@

			/**
			* Test to ensure that attempts to rebuild indexes will property respect
			* the INDEX_REBUILD privilege.
			* the LDIF_IMPORT privilege.
			*
			* @param conn The client connection to use to perform the rebuild.
			* @param hasPrivilege Indicates weather the authenticated user is
			@@ -1106,7 +1104,7 @@
			boolean hasPrivilege)
			throws Exception
			{
			assertEquals(conn.hasPrivilege(Privilege.INDEX_REBUILD, null), hasPrivilege);
			assertEquals(conn.hasPrivilege(Privilege.LDIF_IMPORT, null), hasPrivilege);

			Entry taskEntry = TestCaseUtils.makeEntry(
			"dn: ds-task-id=" + UUID.randomUUID() + ",cn=Scheduled Tasks,cn=Tasks",