From 0247636cd0990e2e18e768b5ec370660c1c4f89c Mon Sep 17 00:00:00 2001
From: dugan <dugan@localhost>
Date: Tue, 27 Mar 2007 19:52:46 +0000
Subject: [PATCH] Fix problem with targattrfilters keyword not checking for modify operation. Issue #1405

---
 opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java b/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
index 6f4aab6..9058fa0 100644
--- a/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
+++ b/opends/src/server/org/opends/server/authorization/dseecompat/TargAttrFilters.java
@@ -223,10 +223,11 @@
         int mask=ACI_NULL;
         //Set up the wanted mask by evaluating both the target match
         //context's rights and the mask.
-        if(matchCtx.hasRights(ACI_ADD) &&
+        if((matchCtx.hasRights(ACI_WRITE_ADD) || matchCtx.hasRights(ACI_ADD)) &&
                 hasMask(TARGATTRFILTERS_ADD))
             mask=TARGATTRFILTERS_ADD;
-        else if(matchCtx.hasRights(ACI_DELETE) &&
+        else if((matchCtx.hasRights(ACI_WRITE_DELETE) ||
+                 matchCtx.hasRights(ACI_DELETE)) &&
                 hasMask(TARGATTRFILTERS_DELETE))
             mask=TARGATTRFILTERS_DELETE;
         //Check the first list first, it always has to be there. If it doesn't
@@ -268,7 +269,7 @@
             SearchFilter filter = filterList.get(attrType);
             attrMatched=matchFilterAttributeValue(attrType, value, filter);
             //This flag causes any targattr checks to be bypassed in AciTargets.
-            if(attrMatched)
+      //      if(attrMatched)
                 matchCtx.setTargAttrFiltersMatch(true);
             if(op.equals(EnumTargetOperator.NOT_EQUALITY))
                 attrMatched = !attrMatched;

--
Gitblit v1.10.0