From 745d3ccec1c5673231f872a7bc8d9ff6fa655279 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Wed, 25 Jul 2007 23:12:49 +0000
Subject: [PATCH] Add new ACI keyword "extop" that can be used to enforce access based on the OID of an extended operation. For example, a new global access extended operation rule is also being added:

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciLDAPOperationContainer.java |   30 ++++++++++++++++++++++--------
 1 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciLDAPOperationContainer.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciLDAPOperationContainer.java
index a417b61..b5a6398 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciLDAPOperationContainer.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciLDAPOperationContainer.java
@@ -32,7 +32,6 @@
 import org.opends.server.core.*;
 import org.opends.server.types.*;
 import org.opends.server.workflowelement.localbackend.*;
-import static org.opends.server.authorization.dseecompat.Aci.ACI_READ;
 
 /**
  * The AciLDAPOperationContainer is an AciContainer
@@ -64,15 +63,30 @@
     }
 
     /**
-     * Constructor interface for control evaluation.
+     * Constructor interface for evaluation of a control.
      *
-     * @param operation The operation to evaluate.
-     * @param e An entry built especially for control evaluation.
-     * @param oid The control's oid string.
+     * @param operation The operation to use in the evaluation.
+     * @param e An entry built especially for evaluation.
+     * @param c The control to evaluate.
+     * @param rights The rights of a control.
      */
-    public AciLDAPOperationContainer(Operation operation, Entry e, String oid) {
-      super(operation, (ACI_READ), e );
-      setControlOID(oid);
+    public AciLDAPOperationContainer(Operation operation, Entry e, Control c,
+                                     int rights) {
+      super(operation, rights, e );
+      setControlOID(c.getOID());
+    }
+
+    /**
+     * Constructor interface for evaluation of the extended operation.
+     *
+     * @param operation  The extended operation to evaluate.
+     * @param e  An entry built especially for evaluation.
+     * @param rights The rights of a extended operation.
+     */
+    public AciLDAPOperationContainer(ExtendedOperation operation, Entry e,
+                                     int rights) {
+      super(operation, rights, e );
+      setExtOpOID(operation.getRequestOID());
     }
 
     /**

--
Gitblit v1.10.0