From 91fdf0048df4c43fe3b7412ccb7f862eab5f7669 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 02 Feb 2011 20:45:14 +0000
Subject: [PATCH] Fix issue OPENDJ-24: Fix OpenDS issue 4583: during a search op, ACI with targetfilter and targetattrs gets evaluated wrongly  https://bugster.forgerock.org/jira/browse/OPENDJ-24

---
 opends/src/server/org/opends/server/authorization/dseecompat/UserAttr.java |   44 +++++++++++++++++++++-----------------------
 1 files changed, 21 insertions(+), 23 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/UserAttr.java b/opends/src/server/org/opends/server/authorization/dseecompat/UserAttr.java
index c496469..bf1173c 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/UserAttr.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/UserAttr.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2008 Sun Microsystems, Inc.
+ *      Portions Copyright 2011 ForgeRock AS
  */
 
 package org.opends.server.authorization.dseecompat;
@@ -174,29 +175,26 @@
      * @return  An enumeration containing the result of the evaluation.
      */
     public EnumEvalResult evaluate(AciEvalContext evalCtx) {
-        EnumEvalResult matched;
-       //The working resource entry might be filtered and not have an
-       //attribute type that is needed to perform these evaluations. The
-       //evalCtx has a copy of the non-filtered entry, switch to it for these
-       //evaluations.
-       evalCtx.useFullResourceEntry(true);
-        switch(userAttrType) {
-        case ROLEDN:
-        case GROUPDN:
-        case USERDN: {
-            matched=evalDNKeywords(evalCtx);
-            break;
-        }
-        case URL: {
-            matched=evalURL(evalCtx);
-            break;
-        }
-        default:
-            matched=evalVAL(evalCtx);
-        }
-        //Switch back to the working resource entry.
-        evalCtx.useFullResourceEntry(false);
-        return matched;
+      EnumEvalResult matched;
+      //The working resource entry might be filtered and not have an
+      //attribute type that is needed to perform these evaluations. The
+      //evalCtx has a copy of the non-filtered entry, switch to it for these
+      //evaluations.
+      switch(userAttrType) {
+      case ROLEDN:
+      case GROUPDN:
+      case USERDN: {
+        matched=evalDNKeywords(evalCtx);
+        break;
+      }
+      case URL: {
+        matched=evalURL(evalCtx);
+        break;
+      }
+      default:
+        matched=evalVAL(evalCtx);
+      }
+      return matched;
     }
 
     /** Evaluate a VALUE userattr type. Look in client entry for an

--
Gitblit v1.10.0