1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.Collection;
24 import java.util.Iterator;
25
26 import javax.naming.NamingException;
27
28 import org.apache.directory.server.core.entry.ServerEntry;
29 import org.apache.directory.server.core.interceptor.context.OperationContext;
30 import org.apache.directory.server.schema.registries.Registries;
31 import org.apache.directory.shared.ldap.aci.ACITuple;
32 import org.apache.directory.shared.ldap.aci.MicroOperation;
33 import org.apache.directory.shared.ldap.aci.ProtectedItem;
34 import org.apache.directory.shared.ldap.aci.ProtectedItem.MaxValueCountItem;
35 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
36 import org.apache.directory.shared.ldap.entry.EntryAttribute;
37 import org.apache.directory.shared.ldap.entry.Value;
38 import org.apache.directory.shared.ldap.name.LdapDN;
39
40
41
42
43
44
45
46
47
48 public class MaxValueCountFilter implements ACITupleFilter
49 {
50 public Collection<ACITuple> filter(
51 Registries registries,
52 Collection<ACITuple> tuples,
53 OperationScope scope,
54 OperationContext opContext,
55 Collection<LdapDN> userGroupNames,
56 LdapDN userName,
57 ServerEntry userEntry,
58 AuthenticationLevel authenticationLevel,
59 LdapDN entryName,
60 String attrId,
61 Value<?> attrValue,
62 ServerEntry entry,
63 Collection<MicroOperation> microOperations,
64 ServerEntry entryView )
65 throws NamingException
66 {
67 if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
68 {
69 return tuples;
70 }
71
72 if ( tuples.size() == 0 )
73 {
74 return tuples;
75 }
76
77 for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); )
78 {
79 ACITuple tuple = i.next();
80
81 if ( !tuple.isGrant() )
82 {
83 continue;
84 }
85
86 for ( Iterator<ProtectedItem> j = tuple.getProtectedItems().iterator(); j.hasNext(); )
87 {
88 ProtectedItem item = j.next();
89
90 if ( item instanceof ProtectedItem.MaxValueCount )
91 {
92 ProtectedItem.MaxValueCount mvc = ( ProtectedItem.MaxValueCount ) item;
93
94 if ( isRemovable( mvc, attrId, entryView ) )
95 {
96 i.remove();
97 break;
98 }
99 }
100 }
101 }
102
103 return tuples;
104 }
105
106
107 private boolean isRemovable( ProtectedItem.MaxValueCount mvc, String attrId, ServerEntry entryView ) throws NamingException
108 {
109 for ( Iterator<ProtectedItem.MaxValueCountItem> k = mvc.iterator(); k.hasNext(); )
110 {
111 MaxValueCountItem mvcItem = k.next();
112 if ( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
113 {
114 EntryAttribute attr = entryView.get( attrId );
115 int attrCount = attr == null ? 0 : attr.size();
116
117 if ( attrCount > mvcItem.getMaxCount() )
118 {
119 return true;
120 }
121 }
122 }
123
124 return false;
125 }
126
127 }