Posted to commits@directory.apache.org by tr...@apache.org on 2005/09/22 10:21:02 UTC
svn commit: r290907 -
/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
Author: trustin
Date: Thu Sep 22 01:20:58 2005
New Revision: 290907
URL: http://svn.apache.org/viewcvs?rev=290907&view=rev
Log:
Implementing another step in the ACDF algorithm...
Modified:
directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java?rev=290907&r1=290906&r2=290907&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java Thu Sep 22 01:20:58 2005
@@ -86,20 +86,33 @@
Name entryName, String attrId, Object attrValue, Attributes entry,
Collection microOperations, Collection aciTuples )
{
- aciTuples = filterUserClasses(
+ aciTuples = removeTuplesWithoutRelatedUserClasses(
userGroupName, userName, authenticationLevel, entryName, aciTuples );
- aciTuples = filterProtectedItems( userName, entryName, attrId, attrValue, entry, aciTuples );
+ aciTuples = removeTuplesWithoutRelatedProtectedItems( userName, entryName, attrId, attrValue, entry, aciTuples );
// TODO Discard all tuples that include the maxValueCount, maxImmSub, restrictedBy which
// grant access and which don't satisfy any of these constraints
// We have to access the DIT here, but no way so far. We need discussion here.
- aciTuples = filterMicroOperation( microOperations, aciTuples );
- aciTuples = filterPrecedence( aciTuples );
+ aciTuples = removeTuplesWithoutRelatedMicroOperation( microOperations, aciTuples );
+ aciTuples = getTuplesWithHighestPrecedence( aciTuples );
+
+ if( aciTuples.size() > 1 )
+ {
+ aciTuples = getTuplesWithMostSpecificUserClasses( aciTuples );
+ if( aciTuples.size() > 1 )
+ {
+ aciTuples = getTuplesWithMostSpecificProtectedItems( aciTuples );
+ }
+ }
+
+ // TODO: Grant access if and only if one or more tuples remain and
+ // all grant access. Otherwise deny access.
+
return true;
}
- private Collection filterUserClasses(
+ private Collection removeTuplesWithoutRelatedUserClasses(
Name userGroupName, Name userName, AuthenticationLevel authenticationLevel,
Name entryName, Collection aciTuples )
{
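Review bot: The access decision still ends in an unconditional `return true;`, so every request is granted no matter which tuples survive the filtering steps above it. Until the grant/deny evaluation described in the TODO exists, the method should fail closed, for example `return false; // deny until the final grant/deny step is implemented`. The new `if( aciTuples.size() > 1 )` block also reassigns `aciTuples` from a helper that currently returns `null`, so the nested `aciTuples.size()` call would throw a NullPointerException whenever more than one tuple shares the highest precedence. The method's signature starts above this hunk, so its name and visibility are not visible here.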
@@ -128,7 +141,7 @@
return filteredTuples;
}
- private Collection filterProtectedItems(
+ private Collection removeTuplesWithoutRelatedProtectedItems(
Name userName,
Name entryName, String attrId, Object attrValue, Attributes entry,
Collection aciTuples )
@@ -146,7 +159,7 @@
return filteredTuples;
}
- protected Collection filterMicroOperation(
+ protected Collection removeTuplesWithoutRelatedMicroOperation(
Collection microOperations, Collection aciTuples )
{
Collection filteredTuples = new ArrayList();
@@ -174,7 +187,7 @@
return filteredTuples;
}
- private Collection filterPrecedence( Collection aciTuple )
+ private Collection getTuplesWithHighestPrecedence( Collection aciTuple )
{
Collection filteredTuples = new ArrayList();
@@ -200,6 +213,33 @@
return filteredTuples;
}
+ private Collection getTuplesWithMostSpecificUserClasses( Collection aciTuples )
+ {
+ for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+ {
+ ACITuple tuple = ( ACITuple ) i.next();
+ for( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
+ {
+
+ }
+ }
+ return null;
+ }
+
+ private Collection getTuplesWithMostSpecificProtectedItems( Collection aciTuples )
+ {
+ for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+ {
+ ACITuple tuple = ( ACITuple ) i.next();
+ for( Iterator j = tuple.getUserClasses().iterator(); j.hasNext(); )
+ {
+
+ }
+ }
+ return null;
+ }
+
+
private boolean matchUserClass( Name userGroupName, Name username, Name entryName, Collection userClasses )
{
for( Iterator i = userClasses.iterator(); i.hasNext(); )
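Review bot: The inner `for( Iterator j = ...; j.hasNext(); )` loops in both new helpers have empty bodies and never call `j.next()`, so any tuple with a non-empty user-class collection makes the access check spin forever, which hangs the calling thread. Until the specificity comparison is written, each stub should drop the loops and return its input unchanged: `return aciTuples; // TODO: select most specific tuples`. That also keeps the caller from receiving `null`. `getTuplesWithMostSpecificProtectedItems` iterates `tuple.getUserClasses()`, which looks like a copy-paste from the method above; it presumably should walk the tuple's protected items instead.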