20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.Collection;
24 import java.util.Iterator;
25
26 import javax.naming.NamingException;
27
28 import org.apache.directory.server.core.entry.ServerEntry;
29 import org.apache.directory.server.core.interceptor.context.OperationContext;
30 import org.apache.directory.server.schema.registries.Registries;
31 import org.apache.directory.shared.ldap.aci.ACITuple;
32 import org.apache.directory.shared.ldap.aci.MicroOperation;
33 import org.apache.directory.shared.ldap.aci.ProtectedItem;
34 import org.apache.directory.shared.ldap.aci.ProtectedItem.RestrictedByItem;
35 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
36 import org.apache.directory.shared.ldap.entry.EntryAttribute;
37 import org.apache.directory.shared.ldap.entry.Value;
38 import org.apache.directory.shared.ldap.name.LdapDN;
/**
 * An {@link ACITupleFilter} that enforces {@code RestrictedBy} protected items.
 *
 * A grant tuple is dropped when one of its {@code RestrictedBy} items names the
 * attribute being operated on and the entry's {@code valuesIn} attribute is
 * missing or does not hold the value in question. Deny tuples are never touched.
 *
 * NOTE(review): the attribute match is a case-insensitive string comparison. If
 * either side can arrive as an alias name or a numeric OID, the restriction will
 * not match and the grant is kept, so this filter fails open on a mismatch.
 * Confirm that callers and the ACI parser hand over identifiers in one form.
 */
public class RestrictedByFilter implements ACITupleFilter
{
    /**
     * Removes, in place, every grant tuple that {@link #isRemovable} rejects.
     *
     * The filter only acts in {@link OperationScope#ATTRIBUTE_TYPE_AND_VALUE};
     * in any other scope, or when there are no tuples, the collection is
     * returned untouched. Only {@code tuples}, {@code scope}, {@code attrId},
     * {@code attrValue} and {@code entry} are read here; the remaining
     * parameters are unused by this filter.
     *
     * @param tuples the candidate tuples; modified through its iterator, so it
     *        must support {@code Iterator.remove()}
     * @param scope the scope of the access-control decision
     * @param attrId the identifier of the attribute being operated on
     * @param attrValue the attribute value being operated on
     * @param entry the entry whose {@code valuesIn} attribute is consulted
     * @return the same {@code tuples} instance that was passed in
     * @throws NamingException if {@link #isRemovable} throws it
     */
    public Collection<ACITuple> filter(
        Registries registries,
        Collection<ACITuple> tuples,
        OperationScope scope,
        OperationContext opContext,
        Collection<LdapDN> userGroupNames,
        LdapDN userName,
        ServerEntry userEntry,
        AuthenticationLevel authenticationLevel,
        LdapDN entryName,
        String attrId,
        Value<?> attrValue,
        ServerEntry entry,
        Collection<MicroOperation> microOperations,
        ServerEntry entryView )
        throws NamingException
    {
        // Nothing to do outside value-level decisions or without candidates.
        if ( ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE ) || tuples.isEmpty() )
        {
            return tuples;
        }

        Iterator<ACITuple> remaining = tuples.iterator();

        while ( remaining.hasNext() )
        {
            ACITuple candidate = remaining.next();

            // Only grants can be withdrawn; denials pass through unchanged.
            if ( candidate.isGrant() && isRemovable( candidate, attrId, attrValue, entry ) )
            {
                remaining.remove();
            }
        }

        return tuples;
    }


    /**
     * Tells whether a tuple must be discarded because a {@code RestrictedBy}
     * item forbids the given value.
     *
     * NOTE(review): {@code attrId} and {@code entry} are dereferenced without a
     * null check; presumably both are always set in the attribute-value scope,
     * verify against the caller.
     *
     * @param tuple the tuple whose protected items are inspected
     * @param attrId the identifier of the attribute being operated on
     * @param attrValue the value being operated on
     * @param entry the entry holding the {@code valuesIn} attribute
     * @return {@code true} if some matching restriction's {@code valuesIn}
     *         attribute is absent from the entry or lacks the value;
     *         {@code false} if no restriction matches or all are satisfied
     * @throws NamingException declared by the signature; which call raises it
     *         is not visible in this class
     */
    public boolean isRemovable( ACITuple tuple, String attrId, Value<?> attrValue, ServerEntry entry ) throws NamingException
    {
        for ( ProtectedItem protectedItem : tuple.getProtectedItems() )
        {
            if ( !( protectedItem instanceof ProtectedItem.RestrictedBy ) )
            {
                continue;
            }

            Iterator<RestrictedByItem> restrictions = ( ( ProtectedItem.RestrictedBy ) protectedItem ).iterator();

            while ( restrictions.hasNext() )
            {
                RestrictedByItem restriction = restrictions.next();

                // String match only: an alias or OID form of the same attribute
                // does not match and leaves the tuple in place.
                if ( !attrId.equalsIgnoreCase( restriction.getAttributeType() ) )
                {
                    continue;
                }

                EntryAttribute allowedValues = entry.get( restriction.getValuesIn() );

                // A missing valuesIn attribute counts as "value not allowed".
                if ( ( allowedValues == null ) || !allowedValues.contains( attrValue ) )
                {
                    return true;
                }
            }
        }

        return false;
    }
}