From 91fdf0048df4c43fe3b7412ccb7f862eab5f7669 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 02 Feb 2011 20:45:14 +0000
Subject: [PATCH] Fix issue OPENDJ-24: Fix OpenDS issue 4583: during a search op, ACI with targetfilter and targetattrs gets evaluated wrongly  https://bugster.forgerock.org/jira/browse/OPENDJ-24

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java |  117 ++--------------------------------------------------------
 1 files changed, 5 insertions(+), 112 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
index c011803..d92813e 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendModifyOperation.java
@@ -23,6 +23,7 @@
  *
  *
  *      Copyright 2008-2009 Sun Microsystems, Inc.
+ *      Portions Copyright 2011 ForgeRock AS
  */
 package org.opends.server.workflowelement.localbackend;
 
@@ -52,9 +53,7 @@
 import org.opends.server.api.plugin.PluginResult;
 import org.opends.server.controls.LDAPAssertionRequestControl;
 import org.opends.server.controls.LDAPPostReadRequestControl;
-import org.opends.server.controls.LDAPPostReadResponseControl;
 import org.opends.server.controls.LDAPPreReadRequestControl;
-import org.opends.server.controls.LDAPPreReadResponseControl;
 import org.opends.server.controls.PasswordPolicyErrorType;
 import org.opends.server.controls.PasswordPolicyResponseControl;
 import org.opends.server.controls.ProxiedAuthV1Control;
@@ -652,7 +651,10 @@
 
           // Handle any processing that may be needed for the pre-read and/or
           // post-read controls.
-          handleReadEntryProcessing();
+          LocalBackendWorkflowElement.addPreReadResponse(this,
+              preReadRequest, currentEntry);
+          LocalBackendWorkflowElement.addPostReadResponse(this,
+              postReadRequest, modifiedEntry);
 
 
           if (! noOp)
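Review bot: The new calls pass `currentEntry` and `modifiedEntry` directly to `LocalBackendWorkflowElement.addPreReadResponse` / `addPostReadResponse`, while the removed `handleReadEntryProcessing()` trimmed `duplicate(true)` copies, skipped a null request, and ran the result through `getAccessControlHandler().filterEntry(this, entry)` before attaching the control. Those helpers are not in this patch, so none of that can be confirmed here; if they trim in place, `modifiedEntry` could lose attributes before it is written, and if they skip ACI filtering the response control could return attributes the requester is not allowed to read. I would state the contract at the call site, e.g. `// Helpers copy the entry, ignore a null request, and apply ACI filtering before adding the response control.`, and add a test that a pre-read/post-read on a modify does not return an ACI-denied attribute. Dropping the `protected` method also breaks any subclass that overrides or calls it, which deserves a mention in the commit message. The enclosing method starts and ends outside this hunk.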
@@ -2108,115 +2110,6 @@
 
 
   /**
-   * Handles any processing that is required for the LDAP pre-read and/or
-   * post-read controls.
-   */
-  protected void handleReadEntryProcessing()
-  {
-    if (preReadRequest != null)
-    {
-      Entry entry = currentEntry.duplicate(true);
-
-      if (! preReadRequest.allowsAttribute(
-                 DirectoryServer.getObjectClassAttributeType()))
-      {
-        entry.removeAttribute(
-                   DirectoryServer.getObjectClassAttributeType());
-      }
-
-      if (! preReadRequest.returnAllUserAttributes())
-      {
-        Iterator<AttributeType> iterator =
-             entry.getUserAttributes().keySet().iterator();
-        while (iterator.hasNext())
-        {
-          AttributeType attrType = iterator.next();
-          if (! preReadRequest.allowsAttribute(attrType))
-          {
-            iterator.remove();
-          }
-        }
-      }
-
-      if (! preReadRequest.returnAllOperationalAttributes())
-      {
-        Iterator<AttributeType> iterator =
-             entry.getOperationalAttributes().keySet().iterator();
-        while (iterator.hasNext())
-        {
-          AttributeType attrType = iterator.next();
-          if (! preReadRequest.allowsAttribute(attrType))
-          {
-            iterator.remove();
-          }
-        }
-      }
-
-      // Check access controls on the entry and strip out
-      // any not allowed attributes.
-      SearchResultEntry searchEntry =
-        AccessControlConfigManager.getInstance().
-        getAccessControlHandler().filterEntry(this, entry);
-      LDAPPreReadResponseControl responseControl =
-           new LDAPPreReadResponseControl(preReadRequest.isCritical(),
-                                          searchEntry);
-      getResponseControls().add(responseControl);
-    }
-
-    if (postReadRequest != null)
-    {
-      Entry entry = modifiedEntry.duplicate(true);
-
-      if (! postReadRequest.allowsAttribute(
-                 DirectoryServer.getObjectClassAttributeType()))
-      {
-        entry.removeAttribute(
-                   DirectoryServer.getObjectClassAttributeType());
-      }
-
-      if (! postReadRequest.returnAllUserAttributes())
-      {
-        Iterator<AttributeType> iterator =
-             entry.getUserAttributes().keySet().iterator();
-        while (iterator.hasNext())
-        {
-          AttributeType attrType = iterator.next();
-          if (! postReadRequest.allowsAttribute(attrType))
-          {
-            iterator.remove();
-          }
-        }
-      }
-
-      if (! postReadRequest.returnAllOperationalAttributes())
-      {
-        Iterator<AttributeType> iterator =
-             entry.getOperationalAttributes().keySet().iterator();
-        while (iterator.hasNext())
-        {
-          AttributeType attrType = iterator.next();
-          if (! postReadRequest.allowsAttribute(attrType))
-          {
-            iterator.remove();
-          }
-        }
-      }
-
-      // Check access controls on the entry and strip out
-      // any not allowed attributes.
-      SearchResultEntry searchEntry =
-        AccessControlConfigManager.getInstance().
-        getAccessControlHandler().filterEntry(this, entry);
-      LDAPPostReadResponseControl responseControl =
-           new LDAPPostReadResponseControl(searchEntry);
-
-      getResponseControls().add(responseControl);
-    }
-  }
-
-
-
-  /**
    * Handle conflict resolution.
    * @return  {@code true} if processing should continue for the operation, or
    *          {@code false} if not.

--
Gitblit v1.10.0