From d428f48a4cf79de5e3f7cbc38a2c1af7a0b80e4f Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Sat, 21 Jul 2007 00:56:42 +0000
Subject: [PATCH] Add the new ACI keyword  "targetcontrol"  that can be used to enforce access based on the OID of a control. For example, a new global access control rule is also being added: 

---
 opends/src/server/org/opends/server/api/AccessControlHandler.java |   59 ++++++++++++++++++++---------------------------------------
 1 files changed, 20 insertions(+), 39 deletions(-)

diff --git a/opends/src/server/org/opends/server/api/AccessControlHandler.java b/opends/src/server/org/opends/server/api/AccessControlHandler.java
index 67f4c8e..12200ab 100644
--- a/opends/src/server/org/opends/server/api/AccessControlHandler.java
+++ b/opends/src/server/org/opends/server/api/AccessControlHandler.java
@@ -133,6 +133,26 @@
                                          addOperation);
 
 
+  /**
+   * Indicates whether the provided control is allowed based on
+   * the access control configuration and the specified
+   * operation. This method should not alter the provided
+   * operation in any way.
+   *
+   * @param  dn  A DN that can be used in the access determination.
+   *
+   * @param  op  The operation to use in the
+   *                       determination.
+   *
+   * @param control The control for which to make the determination.
+   *
+   * @return  {@code true} if the control should be allowed by the
+   *          access control configuration, or {@code false} if not.
+   */
+  public abstract boolean isAllowed(DN dn, Operation  op,
+                                    Control control);
+
+
 
   /**
    * Indicates whether the provided bind operation is allowed based on
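Review bot: The Javadoc for the new `isAllowed(DN dn, Operation op, Control control)` describes `dn` only as "A DN that can be used in the access determination", so an implementer cannot tell whether it is the entry the operation targets or the identity being authorized. For an access-control decision that ambiguity should be removed, for example `@param dn The DN of the entry against which the control's access is evaluated` (or whichever meaning is intended). The doc should also say whether `dn` may be null and that an implementation is expected to return `false` when no rule matches. The later hunk removes `isProxiedAuthAllowed`, which received the new authorization entry itself; this signature carries only a DN, so callers presumably pass that entry's DN here. Those callers are outside this diff, so it is worth stating in the Javadoc how the proxied-authorization and getEffectiveRights cases map onto the three parameters.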
@@ -302,44 +322,5 @@
   public abstract boolean maySend(SearchOperation searchOperation,
                                SearchResultReference searchReference);
 
-
-
-  /**
-   * Indicates whether a proxied authorization control is allowed
-   * based on the current operation and the new authorization entry.
-   *
-   * @param  operation              The operation with which the
-   *                                proxied authorization control is
-   *                                associated.
-   * @param  newAuthorizationEntry  The new authorization entry
-   *                                related to the proxied
-   *                                authorization control
-   *                                authorization ID.
-   *
-   * @return  {@code true} if the operation should be allowed to use
-   *          the proxied authorization control, or {@code false} if
-   *          not.
-   */
-  public abstract boolean isProxiedAuthAllowed(Operation operation,
-                               Entry newAuthorizationEntry);
-
-
-
-  /**
-   * Indicates whether a getEffectiveRights control is allowed
-   * based on the current operation and the control contents.
-   *
-   * @param  operation  The operation with which the
-   *                    getEffectiveRights control is associated.
-   *                    This is always a SearchOperation.
-   * @param  control    The control class containing the decoded
-   *                    getEffectiveRights control contents.
-   *
-   * @return  {@code true} if the use of the getEffectiveRights
-   *          control should be allowed, or {@code false} if not.
-   */
-  public abstract boolean isGetEffectiveRightsAllowed(
-                               SearchOperation operation,
-                               Control control);
 }
 

--
Gitblit v1.10.0