From 6ac3c4ea9e225c3209518be08d7d59f3f732ebea Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Mon, 30 Jul 2007 00:42:18 +0000
Subject: [PATCH] Provide a mechanism to disable privileges in the server if necessary.  If a privilege is disabled, then the server will behave as if all users have that privilege.  This can help improve compatibility with environments that expect a feature to always be available, or to only be governed by access control.

---
 opendj-sdk/opends/src/server/org/opends/server/api/ClientConnection.java |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/api/ClientConnection.java b/opendj-sdk/opends/src/server/org/opends/server/api/ClientConnection.java
index cacc625..1c268df 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/api/ClientConnection.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/api/ClientConnection.java
@@ -960,8 +960,6 @@
   public boolean hasPrivilege(Privilege privilege,
                               Operation operation)
   {
-    boolean result;
-
     if (privilege == Privilege.PROXIED_AUTH)
     {
       // This determination should always be made against the
@@ -970,9 +968,11 @@
       Entry authEntry = authenticationInfo.getAuthenticationEntry();
       boolean isRoot  = authenticationInfo.isRoot();
       return getPrivileges(authEntry,
-                           isRoot).contains(Privilege.PROXIED_AUTH);
+                           isRoot).contains(Privilege.PROXIED_AUTH) ||
+             DirectoryServer.isDisabled(Privilege.PROXIED_AUTH);
     }
 
+    boolean result;
     if (operation == null)
     {
       result = privileges.contains(privilege);
@@ -992,7 +992,8 @@
       if (operation.getAuthorizationDN().equals(
                authenticationInfo.getAuthorizationDN()))
       {
-        result = privileges.contains(privilege);
+        result = privileges.contains(privilege) ||
+                 DirectoryServer.isDisabled(privilege);
         if (debugEnabled())
         {
           DN authDN = authenticationInfo.getAuthenticationDN();
@@ -1017,7 +1018,8 @@
           boolean isRoot =
                DirectoryServer.isRootDN(authorizationEntry.getDN());
           result = getPrivileges(authorizationEntry,
-                                 isRoot).contains(privilege);
+                                 isRoot).contains(privilege) ||
+                   DirectoryServer.isDisabled(privilege);
         }
       }
     }

--
Gitblit v1.10.0