From a6ffa6f49ae5d4c3311eb5ffdd74dc3a8d6c4f40 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 14 Jun 2007 19:12:52 +0000
Subject: [PATCH] Add support for '+' all attributes description in targetattrs expression, with missing files from previous commit. See issue 1779 for more info.

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java |   89 ++++++++++++++++++++++++++++++++------------
 1 files changed, 64 insertions(+), 25 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
index ff7da54..c2126da 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciContainer.java
@@ -280,12 +280,20 @@
             this.authzid=getEffectiveRightsControl.getAuthzDN();
           this.specificAttrs=getEffectiveRightsControl.getAttributes();
         }
-        //If the ACI evaluated because of an Targetattr="*", then the
+        //If an ACI evaluated because of an Targetattr="*", then the
         //AciHandler.maySend method signaled this via adding this attachment
         //string.
-        String allAttrs=(String)operation.getAttachment(ALL_ATTRS_MATCHED);
-        if(allAttrs != null)
-          evalAllAttributes = ACI_ATTR_STAR_MATCHED;
+        String allUserAttrs=
+                  (String)operation.getAttachment(ALL_USER_ATTRS_MATCHED);
+        if(allUserAttrs != null)
+          evalAllAttributes |= ACI_USER_ATTR_STAR_MATCHED;
+        //If an ACI evaluated because of an Targetattr="+", then the
+        //AciHandler.maySend method signaled this via adding this attachment
+        //string.
+        String allOpAttrs=(String)operation.getAttachment(ALL_OP_ATTRS_MATCHED);
+        if(allOpAttrs != null)
+          evalAllAttributes |= ACI_OP_ATTR_PLUS_MATCHED;
+
         //The AciHandler.maySend method also adds the full attribute version of
         //the resource entry in this attachment.
         fullEntry=(Entry)operation.getAttachment(ALL_ATTRS_RESOURCE_ENTRY);
@@ -823,43 +831,74 @@
   /**
    * {@inheritDoc}
    */
-  public  void setACIEvalAttributesRule(int v) {
+  public  void setEvalUserAttributes(int v) {
     if(operation instanceof SearchOperation && (rights == ACI_READ)) {
-      if(v == ACI_FOUND_ATTR_RULE) {
-        evalAllAttributes |= ACI_FOUND_ATTR_RULE;
-        evalAllAttributes &= ~ACI_ATTR_STAR_MATCHED;
+      if(v == ACI_FOUND_USER_ATTR_RULE) {
+        evalAllAttributes |= ACI_FOUND_USER_ATTR_RULE;
+        evalAllAttributes &= ~ACI_USER_ATTR_STAR_MATCHED;
       } else
-        evalAllAttributes |= Aci.ACI_ATTR_STAR_MATCHED;
+        evalAllAttributes |= ACI_USER_ATTR_STAR_MATCHED;
+    }
+  }
+
+     /**
+   * {@inheritDoc}
+   */
+  public  void setEvalOpAttributes(int v) {
+    if(operation instanceof SearchOperation && (rights == ACI_READ)) {
+      if(v == ACI_FOUND_OP_ATTR_RULE) {
+        evalAllAttributes |= ACI_FOUND_OP_ATTR_RULE;
+        evalAllAttributes &= ~ACI_OP_ATTR_PLUS_MATCHED;
+      } else
+        evalAllAttributes |= ACI_OP_ATTR_PLUS_MATCHED;
     }
   }
 
   /**
    * {@inheritDoc}
    */
-  public boolean hasACIEvalAttributes() {
-    return (evalAllAttributes & ACI_FOUND_ATTR_RULE) == ACI_FOUND_ATTR_RULE;
-  }
-
-
-  /**
-   * Return true if the evaluating ACI either contained a targetattr all
-   * attributes rule matched only.
-   *
-   * @return  True if the above condition was seen.
-   **/
-  public boolean hasACIAllAttributes() {
-    return (evalAllAttributes & ACI_ATTR_STAR_MATCHED) == ACI_ATTR_STAR_MATCHED;
+  public boolean hasEvalUserAttributes() {
+    return (evalAllAttributes & ACI_FOUND_USER_ATTR_RULE) ==
+            ACI_FOUND_USER_ATTR_RULE;
   }
 
   /**
    * {@inheritDoc}
    */
-  public void clearACIEvalAttributesRule(int v) {
+  public boolean hasEvalOpAttributes() {
+    return (evalAllAttributes & ACI_FOUND_OP_ATTR_RULE) ==
+            ACI_FOUND_OP_ATTR_RULE;
+  }
+
+  /**
+   * Return true if the evaluating ACI contained a targetattr all
+   * user attributes rule match.
+   *
+   * @return  True if the above condition was seen.
+   **/
+  public boolean hasAllUserAttributes() {
+    return (evalAllAttributes & ACI_USER_ATTR_STAR_MATCHED) ==
+            ACI_USER_ATTR_STAR_MATCHED;
+  }
+
+  /**
+   * Return true if the evaluating ACI contained a targetattr all
+   * operational attributes rule match.
+   *
+   * @return  True if the above condition was seen.
+   **/
+    public boolean hasAllOpAttributes() {
+    return (evalAllAttributes & ACI_OP_ATTR_PLUS_MATCHED) ==
+            ACI_OP_ATTR_PLUS_MATCHED;
+  }
+
+  /**
+   * {@inheritDoc}
+   */
+  public void clearEvalAttributes(int v) {
     if(v == 0)
       evalAllAttributes=0;
     else
       evalAllAttributes &= ~v;
   }
-
-
 }

--
Gitblit v1.10.0