You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2008/07/24 03:10:07 UTC
svn commit: r679259 -
/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Author: akarasulu
Date: Wed Jul 23 18:10:07 2008
New Revision: 679259
URL: http://svn.apache.org/viewvc?rev=679259&view=rev
Log:
cleaning up some ACI code in hasEntry() method of interceptor
Modified:
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=679259&r1=679258&r2=679259&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Wed Jul 23 18:10:07 2008
@@ -670,18 +670,25 @@
return name.size() == 0 || next.hasEntry( entryContext );
}
- ClonedServerEntry entry = entryContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
-
+ boolean answer = next.hasEntry( entryContext );
+
+ // no checks on the RootDSE
+ if ( name.size() == 0 )
+ {
+ // No need to go down to the stack, if the dn is empty
+ // It's the rootDSE, and it exists !
+ return answer;
+ }
+ // TODO - eventually replace this with a check on session.isAnAdministrator()
LdapPrincipal principal = entryContext.getSession().getEffectivePrincipal();
LdapDN principalDn = principal.getJndiName();
-
- if ( isPrincipalAnAdministrator( principalDn ) || ( name.size() == 0 ) ) // no checks on the rootdse
+ if ( isPrincipalAnAdministrator( principalDn ) )
{
- // No need to go down to the stack, if the dn is empty : it's the rootDSE, and it exists !
- return name.size() == 0 || next.hasEntry( entryContext );
+ return answer;
}
+ ClonedServerEntry entry = entryContext.lookup( name, ByPassConstants.HAS_ENTRY_BYPASS );
Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
addPerscriptiveAciTuples( entryContext, tuples, name, entry.getOriginalEntry() );