You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by el...@apache.org on 2010/07/15 12:04:08 UTC
svn commit: r964361 [4/5] - in /directory/shared/trunk:
ldap-schema-manager-tests/
ldap-schema-manager-tests/src/test/java/org/apache/directory/shared/ldap/aci/
ldap-schema-manager-tests/src/test/java/org/apache/directory/shared/ldap/schema/syntaxCheck...
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/Permission.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,117 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+
+/**
+ * An abstract base class for {@link ItemPermission} and {@link UserPermission}.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class Permission implements Serializable
+{
+ private final Integer precedence;
+
+ private final Set<GrantAndDenial> grantsAndDenials;
+
+ private final Set<GrantAndDenial> grants;
+
+ private final Set<GrantAndDenial> denials;
+
+
+ /**
+ * Creates a new instance
+ *
+ * @param precedence
+ * the precedence of this permission (<tt>-1</tt> to use the
+ * default)
+ * @param grantsAndDenials
+ * the set of {@link GrantAndDenial}s
+ */
+ protected Permission( Integer precedence, Collection<GrantAndDenial> grantsAndDenials)
+ {
+ this.precedence = precedence;
+
+ Set<GrantAndDenial> tmpGrantsAndDenials = new HashSet<GrantAndDenial>();
+ Set<GrantAndDenial> tmpGrants = new HashSet<GrantAndDenial>();
+ Set<GrantAndDenial> tmpDenials = new HashSet<GrantAndDenial>();
+
+ for ( GrantAndDenial gad:grantsAndDenials )
+ {
+ if ( gad.isGrant() )
+ {
+ tmpGrants.add( gad );
+ }
+ else
+ {
+ tmpDenials.add( gad );
+ }
+
+ tmpGrantsAndDenials.add( gad );
+ }
+
+ this.grants = Collections.unmodifiableSet( tmpGrants );
+ this.denials = Collections.unmodifiableSet( tmpDenials );
+ this.grantsAndDenials = Collections.unmodifiableSet( tmpGrantsAndDenials );
+ }
+
+
+ /**
+ * Returns the precedence of this permission.
+ */
+ public Integer getPrecedence()
+ {
+ return precedence;
+ }
+
+
+ /**
+ * Returns the set of {@link GrantAndDenial}s.
+ */
+ public Set<GrantAndDenial> getGrantsAndDenials()
+ {
+ return grantsAndDenials;
+ }
+
+
+ /**
+ * Returns the set of grants only.
+ */
+ public Set<GrantAndDenial> getGrants()
+ {
+ return grants;
+ }
+
+
+ /**
+ * Returns the set of denials only.
+ */
+ public Set<GrantAndDenial> getDenials()
+ {
+ return denials;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ProtectedItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import org.apache.directory.shared.ldap.aci.protectedItem.AllUserAttributeTypesAndValuesItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.AllUserAttributeTypesItem;
+import org.apache.directory.shared.ldap.aci.protectedItem.EntryItem;
+
+
+/**
+ * Defines the items to which the access controls apply. It's one of the
+ * following elements :
+ * <ul>
+ * <li>AllAttributeValuesItem</li>
+ * <li>AllUserAttributeTypesAndValuesItem</li>
+ * <li>AllUserAttributeTypesItem</li>
+ * <li>AttributeTypeItem</li>
+ * <li>AttributeValueItem</li>
+ * <li>ClassesItem</li>
+ * <li>EntryItem</li>
+ * <li>MaxImmSubItem</li>
+ * <li>MaxValueCountItem</li>
+ * <li>RangeOfValuesItem</li>
+ * <li>RestrictedByItem</li>
+ * <li>SelfValueItem</li>
+ * </ul>
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class ProtectedItem
+{
+ /**
+ * The entry contents as a whole. In case of a family member, it also means
+ * the entry content of each subordinate family member within the same
+ * compound attribute. It does not necessarily include the information in
+ * these entries. This element shall be ignored if the classes element is
+ * present, since this latter element selects protected entries (and
+ * subordinate family members) on the basis of their object class.
+ */
+ public static final EntryItem ENTRY = new EntryItem();
+
+ /**
+ * All user attribute type information associated with the entry, but not
+ * values associated with those attributes.
+ */
+ public static final AllUserAttributeTypesItem ALL_USER_ATTRIBUTE_TYPES = new AllUserAttributeTypesItem();
+
+ /**
+ * All user attribute information associated with the entry, including all
+ * values of all user attributes.
+ */
+ public static final AllUserAttributeTypesAndValuesItem ALL_USER_ATTRIBUTE_TYPES_AND_VALUES = new AllUserAttributeTypesAndValuesItem();
+
+
+ /**
+ * Creates a new instance.
+ */
+ protected ProtectedItem()
+ {
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemChecker.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+
+import antlr.TokenStream;
+
+
+/**
+ * A reusable parser class extended from antlr generated parser for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr parser without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ *
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemChecker extends AntlrACIItemChecker
+{
+ /**
+ * Creates a ReusableAntlrACIItemChecker instance.
+ */
+ public ReusableAntlrACIItemChecker( TokenStream lexer )
+ {
+ super( lexer );
+ }
+
+
+ /**
+ * Resets the state of an antlr parser.
+ */
+ public void resetState()
+ {
+ // no set method for this protected field.
+ this.traceDepth = 0;
+
+ this.getInputState().reset();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemCheckerLexer.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Reader;
+
+import antlr.CharBuffer;
+import antlr.LexerSharedInputState;
+
+
+/**
+ * A reusable lexer class extended from antlr generated lexer for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr lexer without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ *
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemCheckerLexer extends AntlrACIItemCheckerLexer
+{
+ private boolean savedCaseSensitive;
+
+ private boolean savedCaseSensitiveLiterals;
+
+
+ /**
+ * Creates a ReusableAntlrACIItemCheckerLexer instance.
+ *
+ * @param in
+ * the input to the lexer
+ */
+ public ReusableAntlrACIItemCheckerLexer(Reader in)
+ {
+ super( in );
+ savedCaseSensitive = getCaseSensitive();
+ savedCaseSensitiveLiterals = getCaseSensitiveLiterals();
+ }
+
+
+ /**
+ * Resets the state of an antlr lexer and initializes it with new input.
+ *
+ * @param in
+ * the input to the lexer
+ */
+ public void prepareNextInput( Reader in )
+ {
+ CharBuffer buf = new CharBuffer( in );
+ LexerSharedInputState state = new LexerSharedInputState( buf );
+ this.setInputState( state );
+
+ this.setCaseSensitive( savedCaseSensitive );
+
+ // no set method for this protected field.
+ this.caseSensitiveLiterals = savedCaseSensitiveLiterals;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemLexer.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Reader;
+
+import antlr.CharBuffer;
+import antlr.LexerSharedInputState;
+
+
+/**
+ * A reusable lexer class extended from antlr generated lexer for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr lexer without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ *
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemLexer extends AntlrACIItemLexer
+{
+ private boolean savedCaseSensitive;
+
+ private boolean savedCaseSensitiveLiterals;
+
+
+ /**
+ * Creates a ReusableAntlrSubtreeSpecificationLexer instance.
+ *
+ * @param in
+ * the input to the lexer
+ */
+ public ReusableAntlrACIItemLexer(Reader in)
+ {
+ super( in );
+ savedCaseSensitive = getCaseSensitive();
+ savedCaseSensitiveLiterals = getCaseSensitiveLiterals();
+ }
+
+
+ /**
+ * Resets the state of an antlr lexer and initializes it with new input.
+ *
+ * @param in
+ * the input to the lexer
+ */
+ public void prepareNextInput( Reader in )
+ {
+ CharBuffer buf = new CharBuffer( in );
+ LexerSharedInputState state = new LexerSharedInputState( buf );
+ this.setInputState( state );
+
+ this.setCaseSensitive( savedCaseSensitive );
+
+ // no set method for this protected field.
+ this.caseSensitiveLiterals = savedCaseSensitiveLiterals;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/ReusableAntlrACIItemParser.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.directory.shared.ldap.aci;
+
+
+import antlr.TokenStream;
+
+
+/**
+ * A reusable parser class extended from antlr generated parser for an LDAP
+ * subtree specification as defined by <a
+ * href="http://www.faqs.org/rfcs/rfc3672.html"> RFC 3672</a>. This class
+ * enables the reuse of the antlr parser without having to recreate the it every
+ * time as stated in <a
+ * href="http://www.antlr.org:8080/pipermail/antlr-interest/2003-April/003631.html">
+ * a Antlr Interest Group mail</a> .
+ *
+ * @see <a href="http://www.faqs.org/rfcs/rfc3672.html">RFC 3672</a>
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+class ReusableAntlrACIItemParser extends AntlrACIItemParser
+{
+ /**
+ * Creates a ReusableAntlrSubtreeSpecificationParser instance.
+ */
+ public ReusableAntlrACIItemParser( TokenStream lexer )
+ {
+ super( lexer );
+ }
+
+
+ /**
+ * Resets the state of an antlr parser.
+ */
+ public void resetState()
+ {
+ // no set method for this protected field.
+ this.traceDepth = 0;
+
+ this.getInputState().reset();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserClass.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,383 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
+
+
+/**
+ * Defines a set of zero or more users the permissions apply to.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public abstract class UserClass implements Serializable
+{
+ private static final long serialVersionUID = -123919984184219893L;
+
+ /**
+ * Every directory user (with possible requirements for
+ * authenticationLevel).
+ */
+ public static final AllUsers ALL_USERS = new AllUsers();
+
+ /**
+ * The user with the same distinguished name as the entry being accessed, or
+ * if the entry is a member of a family, then additionally the user with the
+ * distinguished name of the ancestor.
+ */
+ public static final ThisEntry THIS_ENTRY = new ThisEntry();
+
+ /**
+ * The user as parent (ancestor) of accessed entry.
+ */
+ public static final ParentOfEntry PARENT_OF_ENTRY = new ParentOfEntry();
+
+
+ /**
+ * Creates a new instance.
+ */
+ protected UserClass()
+ {
+ }
+
+ /**
+ * Every directory user (with possible requirements for
+ * authenticationLevel).
+ */
+ public static class AllUsers extends UserClass
+ {
+ private static final long serialVersionUID = 8967984720792510292L;
+
+
+ private AllUsers()
+ {
+ }
+
+
+ public String toString()
+ {
+ return "allUsers";
+ }
+ }
+
+ /**
+ * The user with the same distinguished name as the entry being accessed, or
+ * if the entry is a member of a family, then additionally the user with the
+ * distinguished name of the ancestor.
+ */
+ public static class ThisEntry extends UserClass
+ {
+ private static final long serialVersionUID = -8189325270233754470L;
+
+
+ private ThisEntry()
+ {
+ }
+
+
+ public String toString()
+ {
+ return "thisEntry";
+ }
+ }
+
+ /**
+ * The user as parent (ancestor) of accessed entry.
+ */
+ public static class ParentOfEntry extends UserClass
+ {
+ private static final long serialVersionUID = 5247207736068086476L;
+
+
+ private ParentOfEntry()
+ {
+ }
+
+
+ public String toString()
+ {
+ return "parentOfEntry";
+ }
+
+ }
+
+ /**
+ * A base class for all user classes which has a set of DNs.
+ */
+ private static abstract class NamedUserClass extends UserClass
+ {
+ private static final long serialVersionUID = 8571875984468893621L;
+ protected final Set<DN> names;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param names a set of names
+ */
+ protected NamedUserClass( Set<DN> names )
+ {
+ if ( names == null )
+ {
+ this.names = Collections.unmodifiableSet( new HashSet<DN>() );
+ }
+ else
+ {
+ this.names = Collections.unmodifiableSet( new HashSet<DN>( names ) );
+ }
+ }
+
+
+ /**
+ * Returns the set of all names.
+ */
+ public Set<DN> getNames()
+ {
+ return names;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o == null )
+ {
+ return false;
+ }
+
+ if ( getClass().isAssignableFrom( o.getClass() ) )
+ {
+ Name that = ( Name ) o;
+ return this.names.equals( that.names );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int result = 37;
+
+ for ( DN dn : this.names )
+ {
+ result = result * 17 + dn.hashCode();
+ }
+
+ return result;
+ }
+
+
+ public String toString()
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ boolean isFirst = true;
+ buffer.append( "{ " );
+
+ for ( DN name : names )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buffer.append( ", " );
+ }
+
+ buffer.append( '"' );
+ buffer.append( name.toString() );
+ buffer.append( '"' );
+ }
+
+ buffer.append( " }" );
+
+ return buffer.toString();
+ }
+ }
+
+ /**
+ * The user with the specified distinguished name.
+ */
+ public static class Name extends NamedUserClass
+ {
+ private static final long serialVersionUID = -4168412030168359882L;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param usernames
+ * the set of user DNs.
+ */
+ public Name( Set<DN> usernames )
+ {
+ super( usernames );
+ }
+
+
+ public String toString()
+ {
+ return "name " + super.toString();
+ }
+ }
+
+ /**
+ * The set of users who are members of the groupOfUniqueNames entry,
+ * identified by the specified distinguished name. Members of a group of
+ * unique names are treated as individual object names, and not as the names
+ * of other groups of unique names.
+ */
+ public static class UserGroup extends NamedUserClass
+ {
+ private static final long serialVersionUID = 8887107815072965807L;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param groupNames
+ * the set of group DNs.
+ */
+ public UserGroup( Set<DN> groupNames )
+ {
+ super( groupNames );
+ }
+
+
+ public String toString()
+ {
+ return "userGroup " + super.toString();
+ }
+ }
+
+ /**
+ * The set of users whose distinguished names fall within the definition of
+ * the (unrefined) subtree.
+ */
+ public static class Subtree extends UserClass
+ {
+ private static final long serialVersionUID = 3949337699049701332L;
+
+ protected final Set<SubtreeSpecification> subtreeSpecifications;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param subtreeSpecs
+ * the collection of unrefined {@link SubtreeSpecification}s.
+ */
+ public Subtree( Set<SubtreeSpecification> subtreeSpecs )
+ {
+ this.subtreeSpecifications = Collections.unmodifiableSet( subtreeSpecs );
+ }
+
+
+ /**
+ * Returns the collection of unrefined {@link SubtreeSpecification}s.
+ */
+ public Set<SubtreeSpecification> getSubtreeSpecifications()
+ {
+ return subtreeSpecifications;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + subtreeSpecifications.hashCode();
+
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o instanceof Subtree )
+ {
+ Subtree that = ( Subtree ) o;
+ return this.subtreeSpecifications.equals( that.subtreeSpecifications );
+ }
+
+ return false;
+ }
+
+
+ public String toString()
+ {
+ StringBuilder buffer = new StringBuilder();
+
+ boolean isFirst = true;
+ buffer.append( "subtree { " );
+
+ for ( SubtreeSpecification ss : subtreeSpecifications )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buffer.append( ", " );
+ }
+
+ ss.toString( buffer );
+ }
+
+ buffer.append( " }" );
+
+ return buffer.toString();
+ }
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserFirstACIItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,182 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
+
+
+/**
+ * An {@link ACIItem} which specifies {@link UserClass}es first and then
+ * {@link ProtectedItem}s each {@link UserClass} will have. (18.4.2.4. X.501)
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class UserFirstACIItem extends ACIItem
+{
+ private static final long serialVersionUID = 5587483838404246148L;
+
+ private final Collection<UserClass> userClasses;
+
+ private final Collection<UserPermission> userPermissions;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param identificationTag
+ * the id string of this item
+ * @param precedence
+ * the precedence of this item
+ * @param authenticationLevel
+ * the level of authentication required to this item
+ * @param userClasses
+ * the collection of {@link UserClass}es this item protects
+ * @param userPermissions
+ * the collection of {@link UserPermission}s each
+ * <tt>protectedItems</tt> will have
+ */
+ public UserFirstACIItem(String identificationTag, int precedence, AuthenticationLevel authenticationLevel,
+ Collection<UserClass> userClasses, Collection<UserPermission> userPermissions)
+ {
+ super( identificationTag, precedence, authenticationLevel );
+
+ this.userClasses = Collections.unmodifiableCollection( new ArrayList<UserClass>( userClasses ) );
+ this.userPermissions = Collections.unmodifiableCollection( new ArrayList<UserPermission>( userPermissions ) );
+ }
+
+
+ /**
+ * Returns the set of {@link UserClass}es.
+ */
+ public Collection<UserClass> getUserClasses()
+ {
+ return userClasses;
+ }
+
+
+ /**
+ * Returns the set of {@link UserPermission}s.
+ */
+ public Collection<UserPermission> getUserPermission()
+ {
+ return userPermissions;
+ }
+
+
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ // identificationTag
+ buf.append( "{ identificationTag \"" );
+ buf.append( getIdentificationTag() );
+ buf.append( "\", " );
+
+ // precedence
+ buf.append( "precedence " );
+ buf.append( getPrecedence() );
+ buf.append( ", " );
+
+ // authenticationLevel
+ buf.append( "authenticationLevel " );
+ buf.append( getAuthenticationLevel().getName() );
+ buf.append( ", " );
+
+ // itemOrUserFirst
+ buf.append( "itemOrUserFirst userFirst: { " );
+
+ // protectedItems
+ buf.append( "userClasses { " );
+
+ boolean isFirst = true;
+
+ for ( UserClass userClass:userClasses )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( userClass.toString() );
+ }
+
+ buf.append( " }, " );
+
+ // itemPermissions
+ buf.append( "userPermissions { " );
+
+ isFirst = true;
+
+ for ( UserPermission permission:userPermissions )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( permission.toString() );
+ }
+
+ buf.append( " } } }" );
+
+ return buf.toString();
+ }
+
+
+ public Collection<ACITuple> toTuples()
+ {
+ Collection<ACITuple> tuples = new ArrayList<ACITuple>();
+
+ for ( UserPermission userPermission:userPermissions )
+ {
+ Set<GrantAndDenial> grants = userPermission.getGrants();
+ Set<GrantAndDenial> denials = userPermission.getDenials();
+ int precedence = userPermission.getPrecedence() != null ?
+ userPermission.getPrecedence() :
+ this.getPrecedence();
+
+ if ( grants.size() > 0 )
+ {
+ tuples.add( new ACITuple( getUserClasses(), getAuthenticationLevel(), userPermission
+ .getProtectedItems(), toMicroOperations( grants ), true, precedence ) );
+ }
+ if ( denials.size() > 0 )
+ {
+ tuples.add( new ACITuple( getUserClasses(), getAuthenticationLevel(), userPermission
+ .getProtectedItems(), toMicroOperations( denials ), false, precedence ) );
+ }
+ }
+ return tuples;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/UserPermission.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci;
+
+
+import java.util.Collection;
+import java.util.Collections;
+
+
+/**
+ * Represents permissions to be applied to all {@link UserClass}es in
+ * {@link UserFirstACIItem}.
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class UserPermission extends Permission
+{
+ private static final long serialVersionUID = 3940100745409337694L;
+
+ private final Collection<ProtectedItem> protectedItems;
+
+
+ /**
+ * Creates a new instance
+ *
+ * @param precedence
+ * the precedence of this permission (<tt>-1</tt> to use the
+ * default)
+ * @param grantsAndDenials
+ * the set of {@link GrantAndDenial}s
+ * @param protectedItems
+ * the collection of {@link ProtectedItem}s
+ */
+ public UserPermission( Integer precedence, Collection<GrantAndDenial> grantsAndDenials, Collection<ProtectedItem> protectedItems )
+ {
+ super( precedence, grantsAndDenials );
+
+ this.protectedItems = Collections.unmodifiableCollection( protectedItems );
+ }
+
+
+ /**
+ * Returns the collection of {@link ProtectedItem}s.
+ */
+ public Collection<ProtectedItem> getProtectedItems()
+ {
+ return protectedItems;
+ }
+
+
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "{ " );
+
+ if ( getPrecedence() != null )
+ {
+ buf.append( "precedence " );
+ buf.append( getPrecedence() );
+ buf.append( ", " );
+ }
+
+ buf.append( "protectedItems { " );
+
+ boolean isFirst = true;
+
+ for ( ProtectedItem item:protectedItems )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( item.toString() );
+ }
+
+ buf.append( " }, grantsAndDenials { " );
+
+ isFirst = true;
+
+ for ( GrantAndDenial grantAndDenial:getGrantsAndDenials() )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( grantAndDenial.toString() );
+ }
+
+ buf.append( " } }" );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AbstractAttributeTypeProtectedItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,123 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+/**
+ * A base class for all items which protects attribute types (or its values)
+ */
+public abstract class AbstractAttributeTypeProtectedItem extends ProtectedItem
+{
+ protected final Set<AttributeType> attributeTypes;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attirbute IDs
+ */
+ protected AbstractAttributeTypeProtectedItem( Set<AttributeType> attributeTypes )
+ {
+ this.attributeTypes = Collections.unmodifiableSet( attributeTypes );
+ }
+
+
+ /**
+ * Returns an iterator of all attribute IDs.
+ */
+ public Iterator<AttributeType> iterator()
+ {
+ return attributeTypes.iterator();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + attributeTypes.hashCode();
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o == null )
+ {
+ return false;
+ }
+
+ if ( getClass().isAssignableFrom( o.getClass() ) )
+ {
+ AbstractAttributeTypeProtectedItem that = ( AbstractAttributeTypeProtectedItem ) o;
+ return this.attributeTypes.equals( that.attributeTypes );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "{ " );
+ boolean isFirst = true;
+
+ for ( AttributeType attributeType : attributeTypes )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( attributeType.getName() );
+ }
+
+ buf.append( " }" );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllAttributeValuesItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+/**
+ * All attribute value information pertaining to specific attributes.
+ */
+public class AllAttributeValuesItem extends AbstractAttributeTypeProtectedItem
+{
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attribute IDs.
+ */
+ public AllAttributeValuesItem( Set<AttributeType> attributeTypes )
+ {
+ super( attributeTypes );
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "allAttributeValues " + super.toString();
+ }
+}
+
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesAndValuesItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesAndValuesItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesAndValuesItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesAndValuesItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+/**
+ * All user attribute information associated with the entry, including all
+ * values of all user attributes.
+ */
+public class AllUserAttributeTypesAndValuesItem extends ProtectedItem
+{
+ /**
+ * Creates a new instance of AllUserAttributeTypesAndValuesItem.
+ */
+ public AllUserAttributeTypesAndValuesItem()
+ {
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "allUserAttributeTypesAndValues";
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AllUserAttributeTypesItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+/**
+ * All user attribute type information associated with the entry, but not
+ * values associated with those attributes.
+ */
+public class AllUserAttributeTypesItem extends ProtectedItem
+{
+ /**
+ * Creates a new instance of AllUserAttributeTypesItem.
+ */
+ public AllUserAttributeTypesItem()
+ {
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "allUserAttributeTypes";
+ }
+}
\ No newline at end of file
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeTypeItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+/**
+ * Attribute type information pertaining to specific attributes but not
+ * values associated with the type.
+ */
+public class AttributeTypeItem extends AbstractAttributeTypeProtectedItem
+{
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attribute IDs.
+ */
+ public AttributeTypeItem( Set<AttributeType> attributeTypes )
+ {
+ super( attributeTypes );
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "attributeType " + super.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeValueItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeValueItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeValueItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/AttributeValueItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,130 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import javax.naming.directory.Attribute;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+import org.apache.directory.shared.ldap.entry.EntryAttribute;
+
+/**
+ * A specific value of specific attributes.
+ */
+public class AttributeValueItem extends ProtectedItem
+{
+ /** The protected Attributes */
+ private final Set<EntryAttribute> attributes;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param attributes the collection of {@link Attribute}s.
+ */
+ public AttributeValueItem( Set<EntryAttribute> attributes )
+ {
+ this.attributes = Collections.unmodifiableSet( attributes );
+ }
+
+
+ /**
+ * Returns an iterator of all {@link Attribute}s.
+ */
+ public Iterator<EntryAttribute> iterator()
+ {
+ return attributes.iterator();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + attributes.hashCode();
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o == null )
+ {
+ return false;
+ }
+
+ if ( o instanceof AttributeValueItem )
+ {
+ AttributeValueItem that = ( AttributeValueItem ) o;
+
+ return this.attributes.equals( that.attributes );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "attributeValue {" );
+
+ boolean isFirst = true;
+
+ for ( EntryAttribute attribute : attributes )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( attribute.getId() );
+ buf.append( '=' );
+ buf.append( attribute.get( 0 ) );
+ }
+
+ buf.append( " }" );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/ClassesItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/ClassesItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/ClassesItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/ClassesItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,101 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+
+/**
+ * The contents of entries (possibly a family member) which are restricted
+ * to those that have object class values that satisfy the predicate defined
+ * by Refinement (see 12.3.5), together (in the case of an ancestor or other
+ * family member) with the entry contents as a whole of each subordinate
+ * family member entry; it does not necessarily include the information in
+ * these entries.
+ */
+public class ClassesItem extends ProtectedItem
+{
+ private final ExprNode classes;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param classes refinement
+ */
+ public ClassesItem( ExprNode classes )
+ {
+ this.classes = classes;
+ }
+
+
+ public ExprNode getClasses()
+ {
+ return classes;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + getClass().getName().hashCode();
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o instanceof ClassesItem )
+ {
+ ClassesItem that = ( ClassesItem ) o;
+ return this.classes.equals( that.classes );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "classes " );
+ classes.printRefinementToBuffer( buf );
+
+ return buf.toString();
+ }
+}
+
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/EntryItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/EntryItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/EntryItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/EntryItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+/**
+ * The entry contents as a whole. In case of a family member, it also means
+ * the entry content of each subordinate family member within the same
+ * compound attribute. It does not necessarily include the information in
+ * these entries. This element shall be ignored if the classes element is
+ * present, since this latter element selects protected entries (and
+ * subordinate family members) on the basis of their object class.
+ */
+public class EntryItem extends ProtectedItem
+{
+ /**
+ * Creates a new instance of EntryItem.
+ */
+ public EntryItem()
+ {
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "entry";
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxImmSubItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxImmSubItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxImmSubItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxImmSubItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,83 @@
+
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+
+/**
+ * Restricts the maximum number of immediate subordinates of the superior
+ * entry to an entry being added or imported. It is examined if the
+ * protected item is an entry, the permission sought is add or import, and
+ * the immediate superior entry is in the same DSA as the entry being added
+ * or imported. Immediate subordinates of the superior entry are counted
+ * without regard to context or access control as though the entry addition
+ * or importing were successful. If the number of subordinates exceeds
+ * maxImmSub, the ACI item is treated as not granting add or import access.
+ */
+public class MaxImmSubItem extends ProtectedItem
+{
+ /** The maximum number of allowed subordinates */
+ private final int value;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param value The maximum number of immediate subordinates
+ */
+ public MaxImmSubItem( int value )
+ {
+ this.value = value;
+ }
+
+
+ /**
+ * Returns the maximum number of immediate subordinates.
+ */
+ public int getValue()
+ {
+ return value;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + value;
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o instanceof MaxImmSubItem )
+ {
+ MaxImmSubItem that = ( MaxImmSubItem ) o;
+ return this.value == that.value;
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "maxImmSub " + value;
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+
+/**
+ * An element of {@link MaxValueCount}.
+ */
+public class MaxValueCountElem
+{
+ /** The targeted AttributeType */
+ private AttributeType attributeType;
+
+ /** The maximum number of accepted values for this attributeType */
+ private int maxCount;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeType the attribute ID to limit the maximum count
+ * @param maxCount the maximum count of the attribute allowed
+ */
+
+ public MaxValueCountElem( AttributeType attributeType, int maxCount )
+ {
+ this.attributeType = attributeType;
+ this.maxCount = maxCount;
+ }
+
+
+ /**
+ * Returns the attribute to limit the maximum count.
+ */
+ public AttributeType getAttributeType()
+ {
+ return attributeType;
+ }
+
+
+ /**
+ * Returns the maximum count of the attribute allowed.
+ */
+ public int getMaxCount()
+ {
+ return maxCount;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "{ type " + attributeType.getName() + ", maxCount " + maxCount + " }";
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,112 @@
+
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+/**
+ * Restricts the maximum number of attribute values allowed for a specified
+ * attribute type. It is examined if the protected item is an attribute
+ * value of the specified type and the permission sought is add. Values of
+ * that attribute in the entry are counted without regard to context or
+ * access control and as though the operation which adds the values were
+ * successful. If the number of values in the attribute exceeds maxCount,
+ * the ACI item is treated as not granting add access.
+ */
+public class MaxValueCountItem extends ProtectedItem
+{
+ /** The set of elements to protect */
+ private final Set<MaxValueCountElem> items;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param items the collection of {@link MaxValueCountElem}s.
+ */
+ public MaxValueCountItem( Set<MaxValueCountElem> items )
+ {
+ this.items = Collections.unmodifiableSet( items );
+ }
+
+
+ /**
+ * Returns an iterator of all {@link MaxValueCountElem}s.
+ */
+ public Iterator<MaxValueCountElem> iterator()
+ {
+ return items.iterator();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + items.hashCode();
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o == null )
+ {
+ return false;
+ }
+
+ if ( o instanceof MaxValueCountItem )
+ {
+ MaxValueCountItem that = ( MaxValueCountItem ) o;
+ return this.items.equals( that.items );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "maxValueCount {" );
+
+ boolean isFirst = true;
+
+ for ( MaxValueCountElem item : items )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( item.toString() );
+ }
+
+ buf.append( "}" );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RangeOfValuesItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RangeOfValuesItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RangeOfValuesItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RangeOfValuesItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,104 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+import org.apache.directory.shared.ldap.filter.ExprNode;
+
+/**
+ * Any attribute value which matches the specified filter, i.e. for which
+ * the specified filter evaluated on that attribute value would return TRUE.
+ */
+public class RangeOfValuesItem extends ProtectedItem
+{
+ private final ExprNode refinement;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param filter the expression
+ */
+ public RangeOfValuesItem( ExprNode refinement )
+ {
+ if ( refinement == null )
+ {
+ throw new IllegalArgumentException( "refinement" );
+ }
+
+ this.refinement = refinement;
+ }
+
+
+ /**
+ * Returns the expression.
+ */
+ public ExprNode getRefinement()
+ {
+ return refinement;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + refinement.hashCode();
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o instanceof RangeOfValuesItem )
+ {
+ RangeOfValuesItem that = ( RangeOfValuesItem ) o;
+ return this.refinement.equals( that.refinement );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "rangeOfValues " );
+ buf.append( refinement.toString() );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+
+/**
+ * An element of {@link RestrictedByItem}.
+ */
+public class RestrictedByElem
+{
+ // The AttributeType on which the restriction is applied */
+ private AttributeType attributeType;
+
+ /** The list of allowed AttributeType values */
+ private AttributeType valuesIn;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeType the attribute type to restrict
+ * @param valuesIn the attribute type only whose values are allowed in <tt>attributeType</tt>.
+ */
+ public RestrictedByElem( AttributeType attributeType, AttributeType valuesIn )
+ {
+ this.attributeType = attributeType;
+ this.valuesIn = valuesIn;
+ }
+
+
+ /**
+ * Returns the attribute type to restrict.
+ */
+ public AttributeType getAttributeType()
+ {
+ return attributeType;
+ }
+
+
+ /**
+ * Returns the attribute type only whose values are allowed in
+ * <tt>attributeType</tt>.
+ */
+ public AttributeType getValuesIn()
+ {
+ return valuesIn;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "{ type " + attributeType.getName() + ", valuesIn " + valuesIn.getName() + " }";
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,131 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Collections;
+import java.util.Iterator;
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.aci.ProtectedItem;
+
+/**
+ * Restricts values added to the attribute type to being values that are
+ * already present in the same entry as values of the attribute valuesIn. It
+ * is examined if the protected item is an attribute value of the specified
+ * type and the permission sought is add. Values of the valuesIn attribute
+ * are checked without regard to context or access control and as though the
+ * operation which adds the values were successful. If the value to be added
+ * is not present in valuesIn the ACI item is treated as not granting add
+ * access.
+ */
+public class RestrictedByItem extends ProtectedItem
+{
+ /** The set of restricted elements */
+ private final Set<RestrictedByElem> items;
+
+
+ /**
+ * Creates a new instance.
+ *
+ * @param items the collection of {@link RestrictedByElem}s.
+ */
+ public RestrictedByItem( Set<RestrictedByElem> items )
+ {
+ this.items = Collections.unmodifiableSet( items );
+ }
+
+
+ /**
+ * Returns an iterator of all {@link RestrictedByElem}s.
+ */
+ public Iterator<RestrictedByElem> iterator()
+ {
+ return items.iterator();
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public int hashCode()
+ {
+ int hash = 37;
+ hash = hash * 17 + items.hashCode();
+ return hash;
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public boolean equals( Object o )
+ {
+ if ( this == o )
+ {
+ return true;
+ }
+
+ if ( o == null )
+ {
+ return false;
+ }
+
+ if ( o instanceof RestrictedByItem )
+ {
+ RestrictedByItem that = ( RestrictedByItem ) o;
+ return this.items.equals( that.items );
+ }
+
+ return false;
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ StringBuilder buf = new StringBuilder();
+
+ buf.append( "restrictedBy {" );
+
+ boolean isFirst = true;
+
+ for ( RestrictedByElem item : items )
+ {
+ if ( isFirst )
+ {
+ isFirst = false;
+ }
+ else
+ {
+ buf.append( ", " );
+ }
+
+ buf.append( item.toString() );
+ }
+
+ buf.append( '}' );
+
+ return buf.toString();
+ }
+}
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/SelfValueItem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/SelfValueItem.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/SelfValueItem.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/SelfValueItem.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.aci.protectedItem;
+
+import java.util.Set;
+
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
+/**
+ * The attribute value assertion corresponding to the current requestor. The
+ * protected item selfValue applies only when the access controls are to be
+ * applied with respect to a specific authenticated user. It can only apply
+ * in the specific case where the attribute specified is of DN and the
+ * attribute value within the specified attribute matches the DN of the
+ * originator of the operation.
+ */
+public class SelfValueItem extends AbstractAttributeTypeProtectedItem
+{
+ /**
+ * Creates a new instance.
+ *
+ * @param attributeTypes the collection of attribute IDs.
+ */
+ public SelfValueItem( Set<AttributeType> attributeTypes )
+ {
+ super( attributeTypes );
+ }
+
+
+ /**
+ * @see Object#toString()
+ */
+ public String toString()
+ {
+ return "selfValue " + super.toString();
+ }
+}
+
Added: directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxChecker.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxChecker.java?rev=964361&view=auto
==============================================================================
--- directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxChecker.java (added)
+++ directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/schema/syntaxCheckers/ACIItemSyntaxChecker.java Thu Jul 15 10:04:06 2010
@@ -0,0 +1,116 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+package org.apache.directory.shared.ldap.schema.syntaxCheckers;
+
+import java.text.ParseException;
+
+import org.apache.directory.shared.ldap.aci.ACIItemChecker;
+import org.apache.directory.shared.ldap.constants.SchemaConstants;
+import org.apache.directory.shared.ldap.schema.SchemaManager;
+import org.apache.directory.shared.ldap.schema.SyntaxChecker;
+import org.apache.directory.shared.ldap.util.StringTools;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * A SyntaxChecker which verifies that a value is a valid ACIItem.
+ *
+ *
+ * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
+ */
+public class ACIItemSyntaxChecker extends SyntaxChecker
+{
+ /** A logger for this class */
+ private static final Logger LOG = LoggerFactory.getLogger( ACIItemSyntaxChecker.class );
+
+ /** The serialVersionUID */
+ private static final long serialVersionUID = 1L;
+
+ /** An instance of ACI Item Checker */
+ private static ACIItemChecker ACI_ITEM_CHECKER;
+
+ /**
+ * Creates a new instance of ACIItemSyntaxChecker
+ */
+ public ACIItemSyntaxChecker()
+ {
+ super( SchemaConstants.ACI_ITEM_SYNTAX );
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public boolean isValidSyntax( Object value )
+ {
+ String strValue = null;
+
+ if ( value == null )
+ {
+ LOG.debug( "Syntax invalid for 'null'" );
+ return false;
+ }
+
+ if ( value instanceof String )
+ {
+ strValue = ( String ) value;
+ }
+ else if ( value instanceof byte[] )
+ {
+ strValue = StringTools.utf8ToString( ( byte[] ) value );
+ }
+ else
+ {
+ strValue = value.toString();
+ }
+
+ if ( strValue.length() == 0 )
+ {
+ LOG.debug( "Syntax invalid for '{}'", value );
+ return false;
+ }
+
+ try
+ {
+ synchronized( ACI_ITEM_CHECKER )
+ {
+ ACI_ITEM_CHECKER.parse( strValue );
+ }
+
+ LOG.debug( "Syntax valid for '{}'", value );
+ return true;
+ }
+ catch ( ParseException pe )
+ {
+ LOG.debug( "Syntax invalid for '{}'", value );
+ return false;
+ }
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ public void setSchemaManager( SchemaManager schemaManager )
+ {
+ ACI_ITEM_CHECKER = new ACIItemChecker( schemaManager );
+ }
+}