From f383f779c151e10965f9438a6c020082ac5ec569 Mon Sep 17 00:00:00 2001
From: Jean-Noel Rouvignac <jean-noel.rouvignac@forgerock.com>
Date: Sat, 27 Jul 2013 15:57:57 +0000
Subject: [PATCH] AciHandler.java: Fixed a bug in the previous refactoring of this file.

---
 opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java |   44 ++++++++++++++++++++------------------------
 1 files changed, 20 insertions(+), 24 deletions(-)

diff --git a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
index bb900bc..e9df3f5 100644
--- a/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
+++ b/opendj-sdk/opends/src/server/org/opends/server/authorization/dseecompat/AciHandler.java
@@ -418,36 +418,37 @@
       return true;
     }
 
+    final RDN oldRDN = operation.getOriginalEntry().getDN().getRDN();
+    final RDN newRDN = operation.getNewRDN();
+    final DN newSuperiorDN = operation.getNewSuperior();
+
     // If this is a modifyDN move to a new superior, then check if the
     // superior DN has import access.
-    final DN newSuperiorDN = operation.getNewSuperior();
-    if (!aciCheckSuperiorEntry(newSuperiorDN, operation))
+    if (newSuperiorDN != null
+        && !aciCheckSuperiorEntry(newSuperiorDN, operation))
     {
       return false;
     }
 
     // Perform the RDN access checks.
-    RDN oldRDN = operation.getOriginalEntry().getDN().getRDN();
-    RDN newRDN = operation.getNewRDN();
-    if (aciCheckRDNs(operation, oldRDN, newRDN))
+    boolean rdnChangesAllowed = aciCheckRDNs(operation, oldRDN, newRDN);
+
+    // If this is a modifyDN move to a new superior, then check if the
+    // original entry DN has export access.
+    if (rdnChangesAllowed && newSuperiorDN != null)
     {
-      // If this is a modifyDN move to a new superior, then check if the
-      // original entry DN has export access.
-      if (newSuperiorDN != null)
+      AciContainer container =
+          new AciLDAPOperationContainer(operation, ACI_EXPORT, operation
+              .getOriginalEntry());
+      if (!oldRDN.equals(newRDN))
       {
-        AciContainer container =
-            new AciLDAPOperationContainer(operation, ACI_EXPORT,
-                operation.getOriginalEntry());
-        if (!oldRDN.equals(newRDN))
-        {
-          // The RDNs are not equal, skip the proxy check since it was
-          // already performed in the aciCheckRDNs call above.
-          container.setSeenEntry(true);
-        }
-        return accessAllowed(container);
+        // The RDNs are not equal, skip the proxy check since it was
+        // already performed in the aciCheckRDNs call above.
+        container.setSeenEntry(true);
       }
+      return accessAllowed(container);
     }
-    return true;
+    return rdnChangesAllowed;
   }
 
 
@@ -1013,11 +1014,6 @@
    */
   private boolean aciCheckSuperiorEntry(DN superiorDN, ModifyDNOperation op)
   {
-    if (superiorDN == null)
-    {
-      return false;
-    }
-
     final Lock entryLock = LockManager.lockRead(superiorDN);
     if (entryLock == null)
     {

--
Gitblit v1.10.0