From 35b7b655f3a80e54a734bc3df6e2c71cade42ecb Mon Sep 17 00:00:00 2001
From: boli <boli@localhost>
Date: Wed, 02 May 2007 00:34:04 +0000
Subject: [PATCH] Added privileges support for unindexed searches. Fixed issue where id2subtree and id2children indexes were not used when they should be.  Added test cases for the unindexed search privilege.

---
 opends/src/server/org/opends/server/backends/jeb/EntryContainer.java |   32 ++++++++++++++------------------
 1 files changed, 14 insertions(+), 18 deletions(-)

diff --git a/opends/src/server/org/opends/server/backends/jeb/EntryContainer.java b/opends/src/server/org/opends/server/backends/jeb/EntryContainer.java
index 18eb18b..64bd468 100644
--- a/opends/src/server/org/opends/server/backends/jeb/EntryContainer.java
+++ b/opends/src/server/org/opends/server/backends/jeb/EntryContainer.java
@@ -31,6 +31,7 @@
 import org.opends.server.api.AttributeSyntax;
 import org.opends.server.api.Backend;
 import org.opends.server.api.EntryCache;
+import org.opends.server.api.ClientConnection;
 import org.opends.server.core.AddOperation;
 import org.opends.server.core.DeleteOperation;
 import org.opends.server.core.DirectoryServer;
@@ -43,22 +44,7 @@
 import org.opends.server.controls.ServerSideSortRequestControl;
 import org.opends.server.controls.ServerSideSortResponseControl;
 import org.opends.server.controls.VLVRequestControl;
-import org.opends.server.types.Attribute;
-import org.opends.server.types.AttributeType;
-import org.opends.server.types.AttributeValue;
-import org.opends.server.types.CancelledOperationException;
-import org.opends.server.types.Control;
-import org.opends.server.types.DebugLogLevel;
-import org.opends.server.types.DirectoryException;
-import org.opends.server.types.DN;
-import org.opends.server.types.Entry;
-import org.opends.server.types.LDAPException;
-import org.opends.server.types.LockType;
-import org.opends.server.types.Modification;
-import org.opends.server.types.Operation;
-import org.opends.server.types.RDN;
-import org.opends.server.types.ResultCode;
-import org.opends.server.types.SearchScope;
+import org.opends.server.types.*;
 import org.opends.server.util.StaticUtils;
 import org.opends.server.util.ServerConstants;
 
@@ -720,8 +706,7 @@
 
     // Evaluate the search scope against the id2children and id2subtree indexes.
     boolean candidatesAreInScope = false;
-    if (entryIDList.isDefined() &&
-            entryIDList.size() > IndexFilter.FILTER_CANDIDATE_THRESHOLD)
+    if (entryIDList.size() > IndexFilter.FILTER_CANDIDATE_THRESHOLD)
     {
       // Read the ID from dn2id.
       EntryID baseID = dn2id.get(null, baseDN);
@@ -820,6 +805,17 @@
     }
     else
     {
+      ClientConnection clientConnection =
+          searchOperation.getClientConnection();
+      if(! clientConnection.hasPrivilege(Privilege.UNINDEXED_SEARCH,
+                                         searchOperation))
+      {
+        int msgID = MSGID_JEB_SEARCH_UNINDEXED_INSUFFICIENT_PRIVILEGES;
+        String message = getMessage(msgID);
+        throw new DirectoryException(ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+                                     message, msgID);
+      }
+
       if (sortRequest != null)
       {
         // FIXME -- Add support for sorting unindexed searches using indexes

--
Gitblit v1.10.0