From 67405dde9ba213331dab1fc46cb18c485070fd5b Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 05 Jun 2009 09:04:50 +0000
Subject: [PATCH] svn merge -r5333:5417 https://opends.dev.java.net/svn/opends/branches/b2.0

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java |   31 +++++++++++++++++++++----------
 1 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
index 451d4f1..e53dcc2 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyDNOperation.java
@@ -756,9 +756,18 @@
 
           try
           {
-            // FIXME -- We need to determine whether the current user has
-            //          permission to make this determination.
             SearchFilter filter = assertControl.getSearchFilter();
+
+            // Check if the current user has permission to make
+            // this determination.
+            if (!AccessControlConfigManager.getInstance().
+              getAccessControlHandler().isAllowed(this, currentEntry, filter))
+            {
+              throw new DirectoryException(
+                ResultCode.INSUFFICIENT_ACCESS_RIGHTS,
+                ERR_CONTROL_INSUFFICIENT_ACCESS_RIGHTS.get(oid));
+            }
+
             if (! filter.matchesEntry(currentEntry))
             {
               throw new DirectoryException(ResultCode.ASSERTION_FAILED,
@@ -1095,10 +1104,11 @@
         }
       }
 
-      // FIXME -- Check access controls on the entry to see if it should
-      //          be returned or if any attributes need to be stripped
-      //          out..
-      SearchResultEntry searchEntry = new SearchResultEntry(entry);
+      // Check access controls on the entry and strip out
+      // any not allowed attributes.
+      SearchResultEntry searchEntry =
+        AccessControlConfigManager.getInstance().
+        getAccessControlHandler().filterEntry(this, entry);
       LDAPPreReadResponseControl responseControl =
            new LDAPPreReadResponseControl(preReadRequest.isCritical(),
                                           searchEntry);
@@ -1145,10 +1155,11 @@
         }
       }
 
-      // FIXME -- Check access controls on the entry to see if it should
-      //          be returned or if any attributes need to be stripped
-      //          out..
-      SearchResultEntry searchEntry = new SearchResultEntry(entry);
+      // Check access controls on the entry and strip out
+      // any not allowed attributes.
+      SearchResultEntry searchEntry =
+        AccessControlConfigManager.getInstance().
+        getAccessControlHandler().filterEntry(this, entry);
       LDAPPostReadResponseControl responseControl =
            new LDAPPostReadResponseControl(searchEntry);
 

--
Gitblit v1.10.0