You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by tr...@apache.org on 2005/09/21 10:47:26 UTC

svn commit: r290657 - /directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java

Author: trustin
Date: Wed Sep 21 01:47:22 2005
New Revision: 290657

URL: http://svn.apache.org/viewcvs?rev=290657&view=rev
Log:
Implemented more filtering steps:
* Discard tuples which don't contain appropriate microOperations
* Discard tuples with low precedence

Modified:
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java?rev=290657&r1=290656&r2=290657&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java Wed Sep 21 01:47:22 2005
@@ -89,6 +89,13 @@
         aciTuples = filterUserClasses(
                 userGroupName, userName, authenticationLevel, entryName, aciTuples );
         aciTuples = filterProtectedItems( userName, entryName, attrId, attrValue, entry, aciTuples );
+        
+        // TODO Discard all tuples that include the maxValueCount, maxImmSub, restrictedBy which
+        // grant access and which don't satisfy any of these constraints
+        // We have to access the DIT here, but no way so far.  We need discussion here.
+        
+        aciTuples = filterMicroOperation( microOperations, aciTuples );
+        aciTuples = filterPrecedence( aciTuples );
         return true;
     }
     
@@ -134,6 +141,60 @@
             {
                 filteredTuples.add( tuple );
             }
+        }
+        
+        return filteredTuples;
+    }
+    
+    protected Collection filterMicroOperation(
+            Collection microOperations, Collection aciTuples )
+    {
+        Collection filteredTuples = new ArrayList();
+
+        for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            boolean retain = false;
+            for( Iterator j = microOperations.iterator(); j.hasNext(); )
+            {
+                MicroOperation microOp = ( MicroOperation ) j.next();
+                if( tuple.getMicroOperations().contains( microOp ) )
+                {
+                    retain = true;
+                    break;
+                }
+            }
+            
+            if( retain )
+            {
+                filteredTuples.add( tuple );
+            }
+        }
+        
+        return filteredTuples;
+    }
+    
+    private Collection filterPrecedence( Collection aciTuple )
+    {
+        Collection filteredTuples = new ArrayList();
+        
+        int maxPrecedence = -1;
+        for( Iterator i = aciTuple.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            if( tuple.getPrecedence() > maxPrecedence ) 
+            {
+                maxPrecedence = tuple.getPrecedence();
+            }
+        }
+        
+        for( Iterator i = aciTuple.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            if( tuple.getPrecedence() == maxPrecedence ) 
+            {
+                filteredTuples.add( tuple );
+            }            
         }
         
         return filteredTuples;