You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by tr...@apache.org on 2005/09/21 10:47:26 UTC
svn commit: r290657 -
/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
Author: trustin
Date: Wed Sep 21 01:47:22 2005
New Revision: 290657
URL: http://svn.apache.org/viewcvs?rev=290657&view=rev
Log:
Implemented more filtering steps:
* Discard tuples which don't contain appropriate microOperations
* Discard tuples with low precedence
Modified:
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java?rev=290657&r1=290656&r2=290657&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java Wed Sep 21 01:47:22 2005
@@ -89,6 +89,13 @@
aciTuples = filterUserClasses(
userGroupName, userName, authenticationLevel, entryName, aciTuples );
aciTuples = filterProtectedItems( userName, entryName, attrId, attrValue, entry, aciTuples );
+
+ // TODO Discard all tuples that include the maxValueCount, maxImmSub, restrictedBy which
+ // grant access and which don't satisfy any of these constraints
+ // We have to access the DIT here, but no way so far. We need discussion here.
+
+ aciTuples = filterMicroOperation( microOperations, aciTuples );
+ aciTuples = filterPrecedence( aciTuples );
return true;
}
@@ -134,6 +141,60 @@
{
filteredTuples.add( tuple );
}
+ }
+
+ return filteredTuples;
+ }
+
+ protected Collection filterMicroOperation(
+ Collection microOperations, Collection aciTuples )
+ {
+ Collection filteredTuples = new ArrayList();
+
+ for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+ {
+ ACITuple tuple = ( ACITuple ) i.next();
+ boolean retain = false;
+ for( Iterator j = microOperations.iterator(); j.hasNext(); )
+ {
+ MicroOperation microOp = ( MicroOperation ) j.next();
+ if( tuple.getMicroOperations().contains( microOp ) )
+ {
+ retain = true;
+ break;
+ }
+ }
+
+ if( retain )
+ {
+ filteredTuples.add( tuple );
+ }
+ }
+
+ return filteredTuples;
+ }
+
+ private Collection filterPrecedence( Collection aciTuple )
+ {
+ Collection filteredTuples = new ArrayList();
+
+ int maxPrecedence = -1;
+ for( Iterator i = aciTuple.iterator(); i.hasNext(); )
+ {
+ ACITuple tuple = ( ACITuple ) i.next();
+ if( tuple.getPrecedence() > maxPrecedence )
+ {
+ maxPrecedence = tuple.getPrecedence();
+ }
+ }
+
+ for( Iterator i = aciTuple.iterator(); i.hasNext(); )
+ {
+ ACITuple tuple = ( ACITuple ) i.next();
+ if( tuple.getPrecedence() == maxPrecedence )
+ {
+ filteredTuples.add( tuple );
+ }
}
return filteredTuples;