From a6ffa6f49ae5d4c3311eb5ffdd74dc3a8d6c4f40 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 14 Jun 2007 19:12:52 +0000
Subject: [PATCH] Add support for '+' all attributes description in targetattrs expression, with missing files from previous commit. See issue 1779 for more info.

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   41 ++++++++++++++++++++++++++---------------
 1 files changed, 26 insertions(+), 15 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index 134262c..e934089 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -98,10 +98,16 @@
     public static String ALL_ATTRS_RESOURCE_ENTRY = "allAttrsResourceEntry";
 
     /**
-     * String used to indicate that the evaluating ACI had a all attributes
+     * String used to indicate that the evaluating ACI had a all user attributes
      * targetattr match (targetattr="*").
      */
-     public static String ALL_ATTRS_MATCHED = "allAttrsMatched";
+     public static String ALL_USER_ATTRS_MATCHED = "allUserAttrsMatched";
+
+    /**
+     * String used to indicate that the evaluating ACI had a all operational
+     * attributes targetattr match (targetattr="+").
+     */
+     public static String ALL_OP_ATTRS_MATCHED = "allOpAttrsMatched";
 
     /**
      * This constructor instantiates the ACI handler class that performs the
@@ -603,17 +609,18 @@
      */
     private SearchResultEntry
     accessAllowedAttrs(AciLDAPOperationContainer container) {
-      Entry e=container.getResourceEntry();
-      List<AttributeType> typeList=getAllAttrs(e);
-      for(AttributeType attrType : typeList) {
-        if(container.hasACIAllAttributes() && !attrType.isOperational())
-          continue;
-        container.setCurrentAttributeType(attrType);
-        if(!accessAllowed(container)) {
-          e.removeAttribute(attrType);
+        Entry e=container.getResourceEntry();
+        List<AttributeType> typeList=getAllAttrs(e);
+        for(AttributeType attrType : typeList) {
+            if(container.hasAllUserAttributes() && !attrType.isOperational())
+                continue;
+            if(container.hasAllOpAttributes() && attrType.isOperational())
+                continue;
+            container.setCurrentAttributeType(attrType);
+            if(!accessAllowed(container))
+                e.removeAttribute(attrType);
         }
-      }
-      return container.getSearchResultEntry();
+        return container.getSearchResultEntry();
     }
 
     /**
@@ -916,12 +923,16 @@
             ret=false;
           }
           if (ret) {
-              operationContainer.clearACIEvalAttributesRule(ACI_NULL);
+              operationContainer.clearEvalAttributes(ACI_NULL);
               operationContainer.setRights(ACI_READ);
               ret=accessAllowedEntry(operationContainer);
             if(ret) {
-              if(!operationContainer.hasACIEvalAttributes())
-                operation.setAttachment(ALL_ATTRS_MATCHED, ALL_ATTRS_MATCHED);
+              if(!operationContainer.hasEvalUserAttributes())
+                operation.setAttachment(ALL_USER_ATTRS_MATCHED,
+                        ALL_USER_ATTRS_MATCHED);
+              if(!operationContainer.hasEvalOpAttributes())
+                operation.setAttachment(ALL_OP_ATTRS_MATCHED,
+                        ALL_OP_ATTRS_MATCHED);
             }
           }
       }

--
Gitblit v1.10.0