From fad88bae0655787d9030d4f313c0a0dfcf2e47bb Mon Sep 17 00:00:00 2001
From: Guy Paddock <guy@rosieapp.com>
Date: Fri, 27 Oct 2017 04:49:37 +0000
Subject: [PATCH] Sub-resource search filter support
---
opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/SubResourceCollection.java | 53 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
1 files changed, 52 insertions(+), 1 deletions(-)
diff --git a/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/SubResourceCollection.java b/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/SubResourceCollection.java
index 85fd139..05b2720 100644
--- a/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/SubResourceCollection.java
+++ b/opendj-rest2ldap/src/main/java/org/forgerock/opendj/rest2ldap/SubResourceCollection.java
@@ -15,6 +15,7 @@
*/
package org.forgerock.opendj.rest2ldap;
+import static org.forgerock.guava.common.base.Preconditions.checkNotNull;
import static org.forgerock.http.routing.RoutingMode.EQUALS;
import static org.forgerock.http.routing.RoutingMode.STARTS_WITH;
import static org.forgerock.json.resource.RouteMatchers.requestUriMatcher;
@@ -75,6 +76,7 @@
private NamingStrategy namingStrategy;
private boolean flattenSubtree;
+ private Filter baseSearchFilter;
SubResourceCollection(final String resourceId) {
super(resourceId);
@@ -94,6 +96,18 @@
}
/**
+ * Gets the base filter that always restricts what LDAP entries are accessible through this
+ * collection, before any filters are applied from the request itself.
+ *
+ * The default is {@code null} (no base filter restriction at all).
+ *
+ * @return Either a search filter; or {@code null} if no base search filter has been defined.
+ */
+ public Filter getBaseSearchFilter() {
+ return baseSearchFilter;
+ }
+
+ /**
* Indicates that the JSON resource ID must be provided by the user, and will be used for naming the associated LDAP
* entry. More specifically, LDAP entry names will be derived by appending a single RDN to the collection's base DN
* composed of the specified attribute type and LDAP value taken from the LDAP entry once attribute mapping has been
@@ -259,6 +273,42 @@
return this;
}
+ /**
+ * Sets the base filter that always restricts what LDAP entries are accessible through this
+ * collection, before any filters are applied from the request itself.
+ *
+ * The default is {@code null} (no base filter restriction at all).
+ *
+ * @param filter
+ * The filter which should be used to restrict which LDAP entries are returned.
+ * @return A reference to this object.
+ */
+ public SubResourceCollection baseSearchFilter(final Filter filter) {
+ this.baseSearchFilter = filter;
+ return this;
+ }
+
+ /**
+ * Sets the base filter that always restricts what LDAP entries are accessible through this
+ * collection, before any filters are applied from the request itself.
+ *
+ * The default is {@code null} (no base filter restriction at all).
+ *
+ * @param filter
+ * The filter which should be used to restrict which LDAP entries are returned.
+ * @return A reference to this object.
+ */
+ public SubResourceCollection baseSearchFilter(final String filter) {
+ if (filter == null) {
+ baseSearchFilter((Filter)null);
+ }
+ else {
+ baseSearchFilter(Filter.valueOf(filter));
+ }
+
+ return this;
+ }
+
@Override
Router addRoutes(final Router router) {
router.addRoute(requestUriMatcher(EQUALS, urlTemplate), readOnly(new CollectionHandler()));
@@ -299,7 +349,8 @@
dnTemplateString.isEmpty() ? null : glueObjectClasses,
namingStrategy,
resource,
- this.flattenSubtree);
+ flattenSubtree,
+ baseSearchFilter);
}
private String idFrom(final Context context) {
--
Gitblit v1.10.0