From a6ffa6f49ae5d4c3311eb5ffdd74dc3a8d6c4f40 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 14 Jun 2007 19:12:52 +0000
Subject: [PATCH] Add support for '+' all attributes description in targetattrs expression, with missing files from previous commit. See issue 1779 for more info.
---
opends/src/server/org/opends/server/authorization/dseecompat/Aci.java | 52 ++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java b/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
index 6f5b75b..46ef3db 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/Aci.java
@@ -110,11 +110,12 @@
/**
* Regular expression that graciously matches an attribute type name. Must
* begin with an ASCII letter or digit, and contain only ASCII letters,
- * digit characters, hyphens, semi-colons and underscores.
- * They are case insensitive.
+ * digit characters, hyphens, semi-colons and underscores. It also allows
+ * the special shorthand characters "*" for all user attributes and "+" for
+ * all operational attributes.
*/
public static final String ATTR_NAME =
- "((?i)[a-z\\d]{1}[[a-z]\\d-_.;]*(?-i))";
+ "((?i)[a-z\\d]{1}[[a-z]\\d-_.;]*(?-i)|\\*{1}|\\+{1})";
/**
* Regular expression matching a LDAP URL.
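Review bot: Widening the shared `ATTR_NAME` pattern with `|\\*{1}|\\+{1}` makes every expression built from this constant accept the two shorthands, not only targetattr. The consumers are outside this hunk, so it should be confirmed that nothing expecting a concrete attribute type name now silently accepts a wildcard. If only targetattr needs the shorthands, a separate constant composed from `ATTR_NAME` would keep the original pattern strict. The Javadoc also dropped the case-insensitivity sentence although `(?i)` is still in the pattern, and "Must begin with an ASCII letter or digit" no longer holds for the new alternatives; suggest adding `Names are matched case insensitively; "*" and "+" are accepted only as complete single-character alternatives.` The `{1}` quantifiers are redundant and can be dropped.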
@@ -150,8 +151,16 @@
/**
* Regular expression the matches "*".
*/
- public static final String ALL_ATTRS_WILD_CARD = ZERO_OR_MORE_WHITESPACE +
- "\\*" + ZERO_OR_MORE_WHITESPACE;
+ public static final String ALL_USER_ATTRS_WILD_CARD =
+ ZERO_OR_MORE_WHITESPACE +
+ "\\*" + ZERO_OR_MORE_WHITESPACE;
+
+ /**
+ * Regular expression the matches "+".
+ */
+ public static final String ALL_OP_ATTRS_WILD_CARD =
+ ZERO_OR_MORE_WHITESPACE +
+ "\\+" + ZERO_OR_MORE_WHITESPACE;
/**
* ACI_ADD is used to set the container rights for a LDAP add operation.
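Review bot: The Javadoc on both wildcard constants reads "Regular expression the matches" and does not say which attribute set each shorthand selects, which matters now that there are two of them. Suggest `Regular expression that matches "*", the shorthand for all user attributes, with optional surrounding whitespace.` on `ALL_USER_ATTRS_WILD_CARD`, and the parallel sentence with `"+"` and "all operational attributes" on `ALL_OP_ATTRS_WILD_CARD`. `ALL_ATTRS_WILD_CARD` was a public constant, so every reference outside this file has to be renamed in the same change; those references are not visible here.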
@@ -265,15 +274,38 @@
* evaluation if the flag is ACI_ATTR_STAR_MATCHED (all attributes match)
* and the attribute type is not operational.
*/
- public static final int ACI_ATTR_STAR_MATCHED = 0x0008;
+ public static final int ACI_USER_ATTR_STAR_MATCHED = 0x0008;
/**
- * ACI_FOUND_ATTR_RULE is the flag set when the evaluation reason of a
+ * ACI_FOUND_USER_ATTR_RULE is the flag set when the evaluation reason of a
* AciHandler.maysend ACI_READ access evaluation was the result of an
- * ACI targetattr specific attribute expression
- * (targetattr="some attribute type") target match.
+ * ACI targetattr specific user attribute expression
+ * (targetattr="some user attribute type") target match.
*/
- public static final int ACI_FOUND_ATTR_RULE = 0x0010;
+ public static final int ACI_FOUND_USER_ATTR_RULE = 0x0010;
+
+ /**
+ * ACI_OP_ATTR_PLUS_MATCHED is the flag set when the evaluation reason of a
+ * AciHandler.maysend ACI_READ access evaluation was the result of an
+ * ACI targetattr all operational attributes expression (targetattr="+")
+ * target match. For this flag to be set, there must be only one
+ * ACI matching.
+ *
+ * This flag and ACI_FOUND_OP_ATTR_RULE are used in the
+ * AciHandler.filterEntry.accessAllowedAttrs method to skip access
+ * evaluation if the flag is ACI_OP_ATTR_PLUS_MATCHED (all operational
+ * attributes match) and the attribute type is operational.
+ */
+
+ public static final int ACI_OP_ATTR_PLUS_MATCHED = 0x0004;
+
+ /**
+ * ACI_FOUND_OP_ATTR_RULE is the flag set when the evaluation reason of a
+ * AciHandler.maysend ACI_READ access evaluation was the result of an
+ * ACI targetattr specific operational attribute expression
+ * (targetattr="some operational attribute type") target match.
+ */
+ public static final int ACI_FOUND_OP_ATTR_RULE = 0x0020;
/**
* ACI_NULL is used to set the container rights to all zeros. Used
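Review bot: `ACI_OP_ATTR_PLUS_MATCHED = 0x0004` and `ACI_FOUND_OP_ATTR_RULE = 0x0020` should be checked against the other flags of this group, which are declared outside the hunk. The Javadoc says these flags let accessAllowedAttrs skip access evaluation, so a bit shared with an existing flag could apply the skip to an attribute that should have been evaluated. The values are also out of declaration order (0x0008, 0x0010, 0x0004, 0x0020), which makes a clash easy to miss; a short comment above the group listing the bits in use would help. The context Javadoc above `ACI_USER_ATTR_STAR_MATCHED` (it starts before the hunk) still names the old `ACI_ATTR_STAR_MATCHED` and should follow the rename. The blank line between the closing `*/` and the `ACI_OP_ATTR_PLUS_MATCHED` declaration can be removed.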