From 231fa546359ec904cae4016ac00261a455de58ff Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Tue, 30 Jul 2013 09:47:52 +0000
Subject: [PATCH] Reverted r9306 because it introduced a regression and because it is not clear how the DSEE ACI model should grant/deny access in this case.

---
 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |    6 ------
 1 files changed, 0 insertions(+), 6 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index e9df3f5..4cd3f86 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -355,11 +355,6 @@
   {
     AciContainer container =
         new AciLDAPOperationContainer(operation, ACI_COMPARE);
-    if (!isAllowed(container, operation))
-    {
-      // first check more global ACIs without targetattrs defined on them
-      return false;
-    }
 
     String baseName;
     String rawAttributeType = operation.getRawAttributeType();
@@ -380,7 +375,6 @@
             .getAssertionValue());
     container.setCurrentAttributeType(attributeType);
     container.setCurrentAttributeValue(attributeValue);
-    // then check more precise ACIs with targetattrs defined on them
     return isAllowed(container, operation);
   }
 

--
Gitblit v1.10.0