Posted to commits@directory.apache.org by tr...@apache.org on 2005/09/22 10:21:02 UTC

svn commit: r290907 - /directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java

Author: trustin
Date: Thu Sep 22 01:20:58 2005
New Revision: 290907

URL: http://svn.apache.org/viewcvs?rev=290907&view=rev
Log:
Implementing another step in the ACDF algorithm...

Modified:
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java?rev=290907&r1=290906&r2=290907&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java Thu Sep 22 01:20:58 2005
@@ -86,20 +86,33 @@
             Name entryName, String attrId, Object attrValue, Attributes entry,
             Collection microOperations, Collection aciTuples ) 
     {
-        aciTuples = filterUserClasses(
+        aciTuples = removeTuplesWithoutRelatedUserClasses(
                 userGroupName, userName, authenticationLevel, entryName, aciTuples );
-        aciTuples = filterProtectedItems( userName, entryName, attrId, attrValue, entry, aciTuples );
+        aciTuples = removeTuplesWithoutRelatedProtectedItems( userName, entryName, attrId, attrValue, entry, aciTuples );
         
         // TODO Discard all tuples that include the maxValueCount, maxImmSub, restrictedBy which
         // grant access and which don't satisfy any of these constraints
         // We have to access the DIT here, but no way so far.  We need discussion here.
         
-        aciTuples = filterMicroOperation( microOperations, aciTuples );
-        aciTuples = filterPrecedence( aciTuples );
+        aciTuples = removeTuplesWithoutRelatedMicroOperation( microOperations, aciTuples );
+        aciTuples = getTuplesWithHighestPrecedence( aciTuples );
+        
+        if( aciTuples.size() > 1 )
+        {
+            aciTuples = getTuplesWithMostSpecificUserClasses( aciTuples );
+            if( aciTuples.size() > 1 )
+            {
+                aciTuples = getTuplesWithMostSpecificProtectedItems( aciTuples );
+            }
+        }
+        
+        // TODO: Grant access if and only if one or more tuples remain and
+        // all grant access. Otherwise deny access.
+        
         return true;
     }
     
-    private Collection filterUserClasses(
+    private Collection removeTuplesWithoutRelatedUserClasses(
             Name userGroupName, Name userName, AuthenticationLevel authenticationLevel,
             Name entryName, Collection aciTuples )
     {
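Review bot: The decision method still ends in an unconditional `return true;`, so while the grant/deny TODO is unimplemented, every call that returns normally reports access as granted, whatever tuples survive the filtering above it. For an access-control decision function the placeholder should fail closed: `return false;` (or `throw new UnsupportedOperationException( "ACDF grant/deny step not implemented" );`) until the remaining tuples are actually inspected. The earlier TODO on maxValueCount, maxImmSub and restrictedBy has a similar effect, because grant tuples that violate those constraints are not yet discarded; the comment should state this as a known over-grant. The method's signature starts above the hunk, so its name and callers are not visible here.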
@@ -128,7 +141,7 @@
         return filteredTuples;
     }
     
-    private Collection filterProtectedItems(
+    private Collection removeTuplesWithoutRelatedProtectedItems(
             Name userName,
             Name entryName, String attrId, Object attrValue, Attributes entry,
             Collection aciTuples )
@@ -146,7 +159,7 @@
         return filteredTuples;
     }
     
-    protected Collection filterMicroOperation(
+    protected Collection removeTuplesWithoutRelatedMicroOperation(
             Collection microOperations, Collection aciTuples )
     {
         Collection filteredTuples = new ArrayList();
@@ -174,7 +187,7 @@
         return filteredTuples;
     }
     
-    private Collection filterPrecedence( Collection aciTuple )
+    private Collection getTuplesWithHighestPrecedence( Collection aciTuple )
     {
         Collection filteredTuples = new ArrayList();
         
@@ -200,6 +213,33 @@
         return filteredTuples;
     }
     
+    private Collection getTuplesWithMostSpecificUserClasses( Collection aciTuples )
+    {
+        for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            for( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
+            {
+            
+            }
+        }
+        return null;
+    }
+    
+    private Collection getTuplesWithMostSpecificProtectedItems( Collection aciTuples )
+    {
+        for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            for( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
+            {
+            
+            }
+        }
+        return null;
+    }
+    
+
     private boolean matchUserClass( Name userGroupName, Name username, Name entryName, Collection userClasses )
     {
         for( Iterator i = userClasses.iterator(); i.hasNext(); )
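Review bot: Both new helpers test `j.hasNext()` in an inner loop with an empty body and never call `j.next()`, so that loop does not terminate for any tuple whose user-class collection is non-empty. Both helpers also end in `return null;`, which the caller dereferences immediately with `aciTuples.size()`, so even the empty-collection path fails with a NullPointerException. getTuplesWithMostSpecificProtectedItems iterates `tuple.getUserClasses()`, which looks like a copy-paste from the helper above; presumably it should walk the tuple's protected items. Until the selection logic is written, a stub body of just `return aciTuples;` with a `// TODO` keeps the evaluation terminating and non-null. matchUserClass continues past the end of the hunk.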