From 1c1400a568940232bff55fa95094716b87fc8d9a Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Fri, 06 Dec 2013 16:13:01 +0000
Subject: [PATCH] OPENDJ-1088 (CR-2677) Wrong error message and result code when deleting branch as a user with insufficient access rights

---
 opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java |   22 ++++------------------
 1 files changed, 4 insertions(+), 18 deletions(-)

diff --git a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
index 19035f9..599ea9b 100644
--- a/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
+++ b/opends/src/server/org/opends/server/workflowelement/localbackend/LocalBackendSearchOperation.java
@@ -32,17 +32,8 @@
 import org.opends.server.api.Backend;
 import org.opends.server.api.ClientConnection;
 import org.opends.server.api.plugin.PluginResult;
-import org.opends.server.controls.LDAPAssertionRequestControl;
-import org.opends.server.controls.MatchedValuesControl;
-import org.opends.server.controls.PersistentSearchControl;
-import org.opends.server.controls.ProxiedAuthV1Control;
-import org.opends.server.controls.ProxiedAuthV2Control;
-import org.opends.server.controls.SubentriesControl;
-import org.opends.server.core.AccessControlConfigManager;
-import org.opends.server.core.DirectoryServer;
-import org.opends.server.core.PersistentSearch;
-import org.opends.server.core.SearchOperationWrapper;
-import org.opends.server.core.SearchOperation;
+import org.opends.server.controls.*;
+import org.opends.server.core.*;
 import org.opends.server.loggers.debug.DebugTracer;
 import org.opends.server.types.*;
 import org.opends.server.types.operation.PostOperationSearchOperation;
@@ -342,6 +333,8 @@
    */
   private void handleRequestControls() throws DirectoryException
   {
+    LocalBackendWorkflowElement.removeAllDisallowedControls(baseDN, this);
+
     List<Control> requestControls  = getRequestControls();
     if ((requestControls != null) && (! requestControls.isEmpty()))
     {
@@ -350,19 +343,12 @@
         Control c   = requestControls.get(i);
         String  oid = c.getOID();
 
-        if (!LocalBackendWorkflowElement.isControlAllowed(baseDN, this, c))
-        {
-          // Skip disallowed non-critical controls.
-          continue;
-        }
-
         if (oid.equals(OID_LDAP_ASSERTION))
         {
           LDAPAssertionRequestControl assertControl =
                 getRequestControl(LDAPAssertionRequestControl.DECODER);
 
           SearchFilter assertionFilter;
-
           try
           {
             assertionFilter = assertControl.getSearchFilter();

--
Gitblit v1.10.0