You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@directory.apache.org by ak...@apache.org on 2008/07/24 03:10:07 UTC

svn commit: r679259 - /directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java

Author: akarasulu
Date: Wed Jul 23 18:10:07 2008
New Revision: 679259

URL: http://svn.apache.org/viewvc?rev=679259&view=rev
Log:
cleaning up some ACI code in hasEntry() method of interceptor

Modified:
    directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java

Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=679259&r1=679258&r2=679259&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Wed Jul 23 18:10:07 2008
@@ -670,18 +670,25 @@
             return name.size() == 0 || next.hasEntry( entryContext );
         }
         
-        ClonedServerEntry entry = entryContext.lookup( name, ByPassConstants.LOOKUP_BYPASS );
-            
+        boolean answer = next.hasEntry( entryContext );
+
+        // no checks on the RootDSE
+        if ( name.size() == 0 )
+        {
+            // No need to go down to the stack, if the dn is empty 
+            // It's the rootDSE, and it exists ! 
+            return answer;
+        }
         
+        // TODO - eventually replace this with a check on session.isAnAdministrator()
         LdapPrincipal principal = entryContext.getSession().getEffectivePrincipal();
         LdapDN principalDn = principal.getJndiName();
-
-        if ( isPrincipalAnAdministrator( principalDn ) || ( name.size() == 0 ) ) // no checks on the rootdse
+        if ( isPrincipalAnAdministrator( principalDn ) )
         {
-            // No need to go down to the stack, if the dn is empty : it's the rootDSE, and it exists !
-            return name.size() == 0 || next.hasEntry( entryContext );
+            return answer;
         }
 
+        ClonedServerEntry entry = entryContext.lookup( name, ByPassConstants.HAS_ENTRY_BYPASS );
         Set<LdapDN> userGroups = groupCache.getGroups( principalDn.toNormName() );
         Collection<ACITuple> tuples = new HashSet<ACITuple>();
         addPerscriptiveAciTuples( entryContext, tuples, name, entry.getOriginalEntry() );