From 9abc65098b6b8267dc67847433a5b041a3217096 Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Thu, 17 May 2007 11:33:06 +0000
Subject: [PATCH] ACI fixes and unit tests for issues related to targetattr keyword and returning operational attributes.

---
 opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java |   20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java b/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
index 8fd9d7b..d7d212d 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/AciTargets.java
@@ -411,9 +411,23 @@
             AttributeType a=targetMatchCtx.getCurrentAttributeType();
             int rights=targetMatchCtx.getRights();
             boolean isFirstAttr=targetMatchCtx.isFirstAttribute();
-            if((a != null) && (targets.getTargetAttr() != null))
-                ret=TargetAttr.isApplicable(a, targets.getTargetAttr());
-            else if((a != null) || (targets.getTargetAttr() != null)) {
+            if((a != null) && (targets.getTargetAttr() != null))  {
+             ret=TargetAttr.isApplicable(a,targets.getTargetAttr());
+             targetMatchCtx.clearACIEvalAttributesRule(ACI_ATTR_STAR_MATCHED);
+             /*
+               If a explicitly defined targetattr's match rule has not
+               been seen (~ACI_FOUND_ATTR_RULE) and the current attribute type
+               is applicable because of a targetattr all attributes rule match,
+               set a flag to indicate this situation (ACI_ATTR_STAR_MATCHED).
+               Else the attributes is applicable because it is operational or
+               not a targetattr's all attribute match.
+              */
+             if(ret && targets.getTargetAttr().isAllAttributes() &&
+                !targetMatchCtx.hasACIEvalAttributes())
+               targetMatchCtx.setACIEvalAttributesRule(ACI_ATTR_STAR_MATCHED);
+              else
+                targetMatchCtx.setACIEvalAttributesRule(ACI_FOUND_ATTR_RULE);
+            } else if((a != null) || (targets.getTargetAttr() != null)) {
                 if((aci.hasRights(skipRights)) &&
                                                 (skipRightsHasRights(rights)))
                     ret=true;

--
Gitblit v1.10.0