From 9abc65098b6b8267dc67847433a5b041a3217096 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 17 May 2007 11:33:06 +0000
Subject: [PATCH] ACI fixes and unit tests for issues related to targetattr keyword and returning operational attributes.

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java |   43 +++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 43 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index 495212b..71e208a 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -101,6 +101,12 @@
      * The entry being evaluated (resource entry).
      */
     private Entry resourceEntry;
+
+    /*
+     * Saves the resource entry. Used in geteffectiverights evaluation to
+     * restore the current resource entry state after a read right was
+     * evaluated.
+     */
     private Entry saveResourceEntry;
 
     /*
@@ -225,6 +231,11 @@
      */
     private String summaryString=null;
 
+   /*
+    * Flag used to determine if ACI all attributes target matched.
+    */
+    private int evalAllAttributes=0;
+
   /**
      * This constructor is used by all currently supported LDAP operations.
      *
@@ -265,6 +276,9 @@
           this.specificAttrs=getEffectiveRightsControl.getAttributes();
           fullEntry=(Entry)operation.getAttachment(ALL_ATTRS_RESOURCE_ENTRY);
         }
+        String allAttrs=(String)operation.getAttachment(ALL_ATTRS_MATCHED);
+        if(allAttrs != null)
+          evalAllAttributes = ACI_ATTR_STAR_MATCHED;
       }
       //Reference the current authorization entry, so it can be put back
       //if an access proxy check was performed.
@@ -791,4 +805,33 @@
         return "selfwrite";
       return null;
   }
+
+  /**
+   * {@inheritDoc}
+   */
+  public  void setACIEvalAttributesRule(int v) {
+    if(operation instanceof SearchOperation && (rights == ACI_READ)) {
+      if(v == ACI_FOUND_ATTR_RULE) {
+        evalAllAttributes |= ACI_FOUND_ATTR_RULE;
+        evalAllAttributes &= ~ACI_ATTR_STAR_MATCHED;
+      } else
+        evalAllAttributes |= Aci.ACI_ATTR_STAR_MATCHED;
+    }
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  public boolean hasACIEvalAttributes() {
+    return (evalAllAttributes == 0) ||
+           (evalAllAttributes & ACI_FOUND_ATTR_RULE) == ACI_FOUND_ATTR_RULE;
+  }
+
+
+  /**
+   * {@inheritDoc}
+   */
+  public void clearACIEvalAttributesRule(int v) {
+    evalAllAttributes &= ~v;
+  }
 }

--
Gitblit v1.10.0