You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by ak...@apache.org on 2008/05/27 04:22:51 UTC
svn commit: r660352 - in /directory/apacheds/branches/bigbang:
core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Author: akarasulu
Date: Mon May 26 19:22:46 2008
New Revision: 660352
URL: http://svn.apache.org/viewvc?rev=660352&view=rev
Log:
fixing bug with ACI tuple evaluation
Modified:
directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
Modified: directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java?rev=660352&r1=660351&r2=660352&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java (original)
+++ directory/apacheds/branches/bigbang/core-integ/src/test/java/org/apache/directory/server/core/authz/SearchAuthorizationIT.java Mon May 26 19:22:46 2008
@@ -794,6 +794,7 @@
}
catch ( LdapNoPermissionException e )
{
+ return null;
}
finally
{
Modified: directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=660352&r1=660351&r2=660352&view=diff
==============================================================================
--- directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/branches/bigbang/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Mon May 26 19:22:46 2008
@@ -373,7 +373,7 @@
parentDn,
new String[]
{ SchemaConstants.SUBENTRY_ACI_AT }) ,
- PartitionNexusProxy.LOOKUP_BYPASS );
+ PartitionNexusProxy.LOOKUP_BYPASS ).getOriginalEntry();
EntryAttribute subentryAci = administrativeEntry.get( subentryAciType );
@@ -1133,16 +1133,14 @@
* tests. If we hasPermission() returns false we immediately short the
* process and return false.
*/
- ServerEntry entry = invocation.getProxy().lookup(
- new LookupOperationContext( registries, normName ), PartitionNexusProxy.LOOKUP_BYPASS );
ServerLdapContext ctx = ( ServerLdapContext ) invocation.getCaller();
LdapDN userDn = ctx.getPrincipal().getJndiName();
Set<LdapDN> userGroups = groupCache.getGroups( userDn.toNormName() );
Collection<ACITuple> tuples = new HashSet<ACITuple>();
- addPerscriptiveAciTuples( invocation.getProxy(), tuples, normName, entry );
- addEntryAciTuples( tuples, entry );
- addSubentryAciTuples( invocation.getProxy(), tuples, normName, entry );
+ addPerscriptiveAciTuples( invocation.getProxy(), tuples, normName, clonedEntry.getOriginalEntry() );
+ addEntryAciTuples( tuples, clonedEntry.getOriginalEntry() );
+ addSubentryAciTuples( invocation.getProxy(), tuples, normName, clonedEntry.getOriginalEntry() );
if ( !engine.hasPermission(
registries,
@@ -1187,7 +1185,7 @@
null,
SEARCH_ATTRVAL_PERMS,
tuples,
- entry,
+ clonedEntry,
null ) )
{
attributeToRemove.add( attributeType );
@@ -1211,7 +1209,7 @@
value,
SEARCH_ATTRVAL_PERMS,
tuples,
- entry,
+ clonedEntry,
null ) )
{
valueToRemove.add( value );