From 633d9f0fdba2039bd467029ed36b98e90db15ad4 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Fri, 08 Jun 2007 17:58:47 +0000
Subject: [PATCH] Fix geteffectiverights support search results when using shortcuts for user attributes * and operational attributes +. Issue 1745.

---
 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java |   27 +++++++++++++++++++--------
 1 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java
index d37ec3a..2160e14 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciEffectiveRights.java
@@ -27,14 +27,14 @@
 
 package org.opends.server.authorization.dseecompat;
 
-import org.opends.server.types.*;
-import org.opends.server.core.DirectoryServer;
 import static org.opends.server.authorization.dseecompat.Aci.*;
+import org.opends.server.core.DirectoryServer;
 import org.opends.server.protocols.asn1.ASN1OctetString;
+import org.opends.server.types.*;
 
 import java.util.LinkedHashSet;
-import java.util.List;
 import java.util.LinkedList;
+import java.util.List;
 
 /**
  * This class implements the dseecompat geteffectiverights evaluation.
@@ -212,13 +212,24 @@
       else if(a.equalsIgnoreCase(aclRightsInfoAttrStr))
         attrMask |= ACL_RIGHTS_INFO;
       else {
-        AttributeType attrType;
-        if((attrType = DirectoryServer.getAttributeType(a)) == null)
-          attrType = DirectoryServer.getDefaultAttributeType(a);
-        nonRightsAttrs.add(attrType);
+          //Check for shorthands for user attributes "*" or operational "+".
+          if(a.equals("*")) {
+              //Add objectclass.
+              AttributeType ocType =
+                      DirectoryServer.getObjectClassAttributeType();
+              nonRightsAttrs.add(ocType);
+              nonRightsAttrs.addAll(e.getUserAttributes().keySet());
+          } else if (a.equals("+"))
+              nonRightsAttrs.addAll(e.getOperationalAttributes().keySet());
+          else {
+              AttributeType attrType;
+              if((attrType = DirectoryServer.getAttributeType(a)) == null)
+                  attrType = DirectoryServer.getDefaultAttributeType(a);
+              nonRightsAttrs.add(attrType);
+          }
       }
     }
-    //If the special geteffectiverights attributes were not found or
+      //If the special geteffectiverights attributes were not found or
     //the user does not have both bypass-acl privs and is not allowed to
     //perform rights evalation -- return the entry unchanged.
     if(attrMask == ACI_NULL ||

--
Gitblit v1.10.0