1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.ArrayList;
24 import java.util.Collection;
25
26 import javax.naming.NamingException;
27
28 import org.apache.directory.server.core.entry.ServerEntry;
29 import org.apache.directory.server.core.interceptor.context.OperationContext;
30 import org.apache.directory.server.schema.registries.Registries;
31 import org.apache.directory.shared.ldap.aci.ACITuple;
32 import org.apache.directory.shared.ldap.aci.MicroOperation;
33 import org.apache.directory.shared.ldap.aci.ProtectedItem;
34 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
35 import org.apache.directory.shared.ldap.entry.Value;
36 import org.apache.directory.shared.ldap.name.LdapDN;
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54 public class MostSpecificProtectedItemFilter implements ACITupleFilter
55 {
56 public Collection<ACITuple> filter(
57 Registries registries,
58 Collection<ACITuple> tuples,
59 OperationScope scope,
60 OperationContext opContext,
61 Collection<LdapDN> userGroupNames,
62 LdapDN userName,
63 ServerEntry userEntry,
64 AuthenticationLevel authenticationLevel,
65 LdapDN entryName,
66 String attrId,
67 Value<?> attrValue,
68 ServerEntry entry,
69 Collection<MicroOperation> microOperations,
70 ServerEntry entryView )
71 throws NamingException
72 {
73 if ( tuples.size() <= 1 )
74 {
75 return tuples;
76 }
77
78 Collection<ACITuple> filteredTuples = new ArrayList<ACITuple>();
79
80
81
82 for ( ACITuple tuple:tuples )
83 {
84 for ( ProtectedItem item:tuple.getProtectedItems() )
85 {
86 if ( item instanceof ProtectedItem.AttributeType || item instanceof ProtectedItem.AllAttributeValues
87 || item instanceof ProtectedItem.SelfValue || item instanceof ProtectedItem.AttributeValue )
88 {
89 filteredTuples.add( tuple );
90 break;
91 }
92 }
93 }
94
95 if ( filteredTuples.size() > 0 )
96 {
97 return filteredTuples;
98 }
99
100
101
102
103
104 for ( ACITuple tuple:tuples )
105 {
106 for ( ProtectedItem item:tuple.getProtectedItems() )
107 {
108 if ( item instanceof ProtectedItem.RangeOfValues )
109 {
110 filteredTuples.add( tuple );
111 }
112 }
113 }
114
115 if ( filteredTuples.size() > 0 )
116 {
117 return filteredTuples;
118 }
119
120 return tuples;
121 }
122 }