From 0644b51653b3d112f91694e263dfe1fc91ec0466 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Mon, 21 May 2007 22:47:07 +0000
Subject: [PATCH] Correct problem QA found with fix for issue 1606, where the attribute(s) still were not being returned when they should be. Also, corrected problem where userattr bind rule was using filtered resource entry for userattr bind rule evaluation, causing the bind rule to sometimes not be evaluated correctly if the attribute isn't present during a userattr attribute value expression.

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   13 +++++++++----
 1 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 7521308..505937e 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -589,7 +589,7 @@
       Entry e=container.getResourceEntry();
       List<AttributeType> typeList=getAllAttrs(e);
       for(AttributeType attrType : typeList) {
-        if(!container.hasACIEvalAttributes() && !attrType.isOperational())
+        if(container.hasACIAllAttributes() && !attrType.isOperational())
           continue;
         container.setCurrentAttributeType(attrType);
         if(!accessAllowed(container)) {
@@ -887,14 +887,19 @@
       if(!(ret=skipAccessCheck(operation))) {
           ret=testFilter(operationContainer, operation.getFilter());
           if (ret) {
+              operationContainer.clearACIEvalAttributesRule(ACI_NULL);
               operationContainer.setRights(ACI_READ);
               ret=accessAllowedEntry(operationContainer);
-              if(ret && !operationContainer.hasACIEvalAttributes())
+            if(ret) {
+              if(!operationContainer.hasACIEvalAttributes())
                 operation.setAttachment(ALL_ATTRS_MATCHED, ALL_ATTRS_MATCHED);
+            }
           }
       }
-      if(ret && operation.getAttachment(OID_GET_EFFECTIVE_RIGHTS) != null)
-         operation.setAttachment(ALL_ATTRS_RESOURCE_ENTRY, entry );
+      //Save a copy of the full resource entry for possible
+      //userattr bind rule or geteffectiveright's evaluations in the filterEnty
+      //method.
+      operation.setAttachment(ALL_ATTRS_RESOURCE_ENTRY, entry );
       return ret;
   }
 

--
Gitblit v1.10.0