20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.ArrayList;
24 import java.util.Collection;
25
26 import javax.naming.NamingException;
27
28 import org.apache.directory.server.core.entry.ServerEntry;
29 import org.apache.directory.server.core.interceptor.context.OperationContext;
30 import org.apache.directory.server.schema.registries.Registries;
31 import org.apache.directory.shared.ldap.aci.ACITuple;
32 import org.apache.directory.shared.ldap.aci.MicroOperation;
33 import org.apache.directory.shared.ldap.aci.UserClass;
34 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
35 import org.apache.directory.shared.ldap.entry.Value;
36 import org.apache.directory.shared.ldap.name.LdapDN;
/**
 * ACI tuple filter that keeps only the tuples naming the most specific kind
 * of user class present in the candidate set.
 *
 * Precedence, from most to least specific, as implemented here:
 * <ol>
 *   <li>{@code UserClass.Name} or {@code UserClass.ThisEntry}</li>
 *   <li>{@code UserClass.UserGroup}</li>
 *   <li>{@code UserClass.Subtree}</li>
 * </ol>
 * If no tuple carries any of these kinds, the input collection is handed
 * back unchanged.
 *
 * NOTE(review): this class only inspects the <em>type</em> of each user class.
 * It never compares a user class against {@code userName} or
 * {@code userGroupNames}, so it presumably relies on an earlier filter having
 * already dropped tuples that do not apply to the requestor. Confirm the
 * filter ordering in the caller, because a wrong order would let an
 * unrelated but more specific tuple displace the relevant ones.
 */
public class MostSpecificUserClassFilter implements ACITupleFilter
{
    /** User-class kinds grouped into tiers, most specific tier first. */
    private static final Class<?>[][] SPECIFICITY_TIERS = new Class<?>[][]
        {
            { UserClass.Name.class, UserClass.ThisEntry.class },
            { UserClass.UserGroup.class },
            { UserClass.Subtree.class }
        };


    /**
     * Narrows {@code tuples} to those in the highest-ranked specificity tier
     * that has at least one member.
     *
     * Only {@code tuples} is read by this implementation; the remaining
     * parameters are part of the {@code ACITupleFilter} signature and are
     * ignored here.
     *
     * @param tuples the candidate tuples; returned as-is when it holds zero
     *        or one element, or when no tuple matches any tier
     * @return the same {@code tuples} instance, or a new list holding the
     *         tuples of the winning tier in their original iteration order
     * @throws NamingException declared by the interface; not thrown directly
     *         by the code in this method
     */
    public Collection<ACITuple> filter(
        Registries registries,
        Collection<ACITuple> tuples,
        OperationScope scope,
        OperationContext opContext,
        Collection<LdapDN> userGroupNames,
        LdapDN userName,
        ServerEntry userEntry,
        AuthenticationLevel authenticationLevel,
        LdapDN entryName,
        String attrId,
        Value<?> attrValue,
        ServerEntry entry,
        Collection<MicroOperation> microOperations,
        ServerEntry entryView )
        throws NamingException
    {
        // With zero or one candidate there is nothing to rank.
        if ( tuples.size() <= 1 )
        {
            return tuples;
        }

        // Walk the tiers from most to least specific; the first tier that
        // selects anything wins and lower tiers are never consulted.
        for ( Class<?>[] tier : SPECIFICITY_TIERS )
        {
            Collection<ACITuple> selected = tuplesNamingAny( tuples, tier );

            if ( !selected.isEmpty() )
            {
                return selected;
            }
        }

        // No tuple named any ranked user class: leave the set untouched.
        return tuples;
    }


    /**
     * Collects, in iteration order, every candidate tuple that declares at
     * least one user class of the given kinds.
     */
    private static Collection<ACITuple> tuplesNamingAny( Collection<ACITuple> candidates, Class<?>[] kinds )
    {
        Collection<ACITuple> selected = new ArrayList<ACITuple>();

        for ( ACITuple candidate : candidates )
        {
            if ( namesAny( candidate, kinds ) )
            {
                // Each tuple is added at most once, however many of its
                // user classes match.
                selected.add( candidate );
            }
        }

        return selected;
    }


    /**
     * Tells whether the tuple declares a user class that is an instance of
     * one of the given kinds, stopping at the first match.
     */
    private static boolean namesAny( ACITuple candidate, Class<?>[] kinds )
    {
        for ( UserClass declared : candidate.getUserClasses() )
        {
            for ( Class<?> kind : kinds )
            {
                if ( kind.isInstance( declared ) )
                {
                    return true;
                }
            }
        }

        return false;
    }
}