directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From trus...@apache.org
Subject svn commit: r290310 - in /directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl: ACDFEngine.java ACIItem.java ACITuple.java GrantAndDenial.java ItemFirstACIItem.java MicroOperation.java UserFirstACIItem.java
Date Mon, 19 Sep 2005 23:36:48 GMT
Author: trustin
Date: Mon Sep 19 16:36:40 2005
New Revision: 290310

URL: http://svn.apache.org/viewcvs?rev=290310&view=rev
Log:
* Added MicroOperation 
* GrantAndDenial now uses MicroOperation
* ACITuple now accepts a collection of MicroOperations and grant flag instead of a collection
of GrantsAndDenials
* Users should specify a collection of MicroOperations instead of a collection of Grants.

Added:
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/MicroOperation.java
  (with props)
Modified:
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACIItem.java
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACITuple.java
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/GrantAndDenial.java
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ItemFirstACIItem.java
    directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/UserFirstACIItem.java

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java?rev=290310&r1=290309&r2=290310&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
(original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACDFEngine.java
Mon Sep 19 16:36:40 2005
@@ -15,7 +15,9 @@
  */
 package org.apache.ldap.common.acl;
 
+import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Iterator;
 
 import javax.naming.Name;
 import javax.naming.directory.Attributes;
@@ -33,6 +35,7 @@
      * (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
      * if the user doesn't have any permission to perform the specified grants.
      *  
+     * @param userGroupName the DN of the group of the user who is trying to access the resource
      * @param username the DN of the user who is trying to access the resource
      * @param entryName the DN of the entry the user is trying to access 
      * @param attrId the attribute type of the attribute the user is trying to access.
@@ -40,17 +43,19 @@
      * @param attrValue the attribute value of the attribute the user is trying to access.
      *                  <tt>null</tt> if the user is not accessing a specific
attribute value.
      * @param entry the attributes of the entry
-     * @param requiredGrants the required grants to perform the operation
+     * @param microOperations the {@link MicroOperation}s to perform
      * @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree
entries
      * @throws LdapNoPermissionException if user don't have enough permission to perform
the operation
      */
     public void checkPermission(
-            Name username,
+            Name userGroupName, Name username, AuthenticationLevel authenticationLevel,
             Name entryName, String attrId, Object attrValue, Attributes entry,
-            Collection requiredGrants, Collection aciTuples ) throws LdapNoPermissionException

+            Collection microOperations, Collection aciTuples ) throws LdapNoPermissionException

     {
-        if( !hasPermission( username, entryName, attrId, attrValue, entry,
-                requiredGrants, aciTuples ) )
+        if( !hasPermission(
+                userGroupName, username, authenticationLevel,
+                entryName, attrId, attrValue, entry,
+                microOperations, aciTuples ) )
         {
             throw new LdapNoPermissionException();
         }
@@ -61,6 +66,7 @@
      * (entry, attribute type, or attribute value) and throws {@link LdapNoPermissionException}
      * if the user doesn't have any permission to perform the specified grants.
      *  
+     * @param userGroupName the DN of the group of the user who is trying to access the resource
      * @param username the DN of the user who is trying to access the resource
      * @param entryName the DN of the entry the user is trying to access 
      * @param attrId the attribute type of the attribute the user is trying to access.
@@ -68,14 +74,87 @@
      * @param attrValue the attribute value of the attribute the user is trying to access.
      *                  <tt>null</tt> if the user is not accessing a specific
attribute value.
      * @param entry the attributes of the entry
-     * @param requiredGrants the required grants to perform the operation
+     * @param microOperations the {@link MicroOperation}s to perform
      * @param aciTuples {@link ACITuple}s translated from {@link ACIItem}s in the subtree
entries
      */
     public boolean hasPermission(
-            Name username,
+            Name userGroupName, Name username, AuthenticationLevel authenticationLevel,
             Name entryName, String attrId, Object attrValue, Attributes entry,
-            Collection requiredGrants, Collection aciTuples ) 
+            Collection microOperations, Collection aciTuples ) 
     {
+        aciTuples = filterUserClasses(
+                userGroupName, username, authenticationLevel, entryName, aciTuples );
+        //aciTuples = filterProtectedItems();
         return true;
+    }
+    
+    private Collection filterUserClasses(
+            Name userGroupName, Name username, AuthenticationLevel authenticationLevel,
+            Name entryName, Collection aciTuples )
+    {
+        Collection filteredTuples = new ArrayList( aciTuples );
+        for( Iterator i = aciTuples.iterator(); i.hasNext(); )
+        {
+            ACITuple tuple = ( ACITuple ) i.next();
+            if( tuple.isGrant() )
+            {
+                if( !matchUserClass( userGroupName, username, entryName, tuple.getUserClasses()
) ||
+                        authenticationLevel.compareTo( tuple.getAuthenticationLevel() ) <
0 )
+                {
+                    i.remove();
+                }
+            }
+            else // Denials
+            {
+                if( !matchUserClass( userGroupName, username, entryName, tuple.getUserClasses()
) &&
+                        authenticationLevel.compareTo( tuple.getAuthenticationLevel() ) >=
0 )
+                {
+                    i.remove();
+                }
+            }
+        }
+        
+        return filteredTuples;
+    }
+    
+    private boolean matchUserClass( Name userGroupName, Name username, Name entryName, Collection
userClasses )
+    {
+        for( Iterator i = userClasses.iterator(); i.hasNext(); )
+        {
+            UserClass userClass = ( UserClass ) i.next();
+            if( userClass == UserClass.ALL_USERS )
+            {
+                return true;
+            }
+            else if( userClass == UserClass.THIS_ENTRY )
+            {
+                if( username.equals( entryName ) )
+                {
+                    return true;
+                }
+            }
+            else if( userClass instanceof UserClass.Name )
+            {
+                UserClass.Name nameUserClass = ( UserClass.Name ) userClass;
+                if( nameUserClass.getNames().contains( username ) )
+                {
+                    return true;
+                }
+            }
+            else if( userClass instanceof UserClass.UserGroup )
+            {
+                UserClass.UserGroup userGroupUserClass = ( UserClass.UserGroup ) userClass;
+                if( userGroupName != null && userGroupUserClass.getNames().contains(
userGroupName ) )
+                {
+                    return true;
+                }
+            }
+            else if( userClass instanceof UserClass.Subtree )
+            {
+                // FIXME I don't know what to do in case of subtree userClass.
+            }
+        }
+
+        return false;
     }
 }

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACIItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACIItem.java?rev=290310&r1=290309&r2=290310&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACIItem.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACIItem.java Mon
Sep 19 16:36:40 2005
@@ -20,6 +20,9 @@
 
 import java.io.Serializable;
 import java.util.Collection;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
 
 public abstract class ACIItem implements Serializable
 {
@@ -67,4 +70,14 @@
     }
     
     public abstract Collection toTuples();
+
+    protected static Set toMicroOperations( Set grantsAndDenials )
+    {
+        Set microOps = new HashSet();
+        for( Iterator j = grantsAndDenials.iterator(); j.hasNext(); )
+        {
+            microOps.add( ( ( GrantAndDenial ) j.next() ).getMicroOperation() );
+        }
+        return microOps;
+    }
 }

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACITuple.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACITuple.java?rev=290310&r1=290309&r2=290310&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACITuple.java (original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ACITuple.java Mon
Sep 19 16:36:40 2005
@@ -33,16 +33,17 @@
     private final Collection userClasses;
     private final AuthenticationLevel authenticationLevel;
     private final Collection protectedItems;
-    private final Set grantsAndDenials;
+    private final Set microOperations;
+    private final boolean grant;
     private final int precedence;
     
     public ACITuple(
             Collection userClasses, AuthenticationLevel authenticationLevel,
-            Collection protectedItems, Set grantsAndDenials, int precedence )
+            Collection protectedItems, Set microOperations, boolean grant, int precedence
)
     {
         for( Iterator i = userClasses.iterator(); i.hasNext(); )
         {
-            if( !UserClass.class.isAssignableFrom( i.next().getClass() ) )
+            if( !( i.next() instanceof UserClass ) )
             {
                 throw new IllegalArgumentException(
                         "userClasses contains an element which is not a user classs." );
@@ -51,19 +52,19 @@
         
         for( Iterator i = protectedItems.iterator(); i.hasNext(); )
         {
-            if( !ProtectedItem.class.isAssignableFrom( i.next().getClass() ) )
+            if( !( i.next() instanceof ProtectedItem ) )
             {
                 throw new IllegalArgumentException(
                         "protectedItems contains an element which is not a protected item."
);
             }
         }
 
-        for( Iterator i = grantsAndDenials.iterator(); i.hasNext(); )
+        for( Iterator i = microOperations.iterator(); i.hasNext(); )
         {
-            if( !GrantAndDenial.class.isAssignableFrom( i.next().getClass() ) )
+            if( !( i.next() instanceof MicroOperation ) )
             {
                 throw new IllegalArgumentException(
-                        "grantsAndDenials contains an element which is not a grant or a denial."
);
+                        "microOperations contains an element which is not a micro operation."
);
             }
         }
         
@@ -80,7 +81,8 @@
         this.userClasses = Collections.unmodifiableCollection( new ArrayList( userClasses
) );
         this.authenticationLevel = authenticationLevel;
         this.protectedItems = Collections.unmodifiableCollection( new ArrayList( protectedItems
) );
-        this.grantsAndDenials = Collections.unmodifiableSet( new HashSet( grantsAndDenials
) );
+        this.microOperations = Collections.unmodifiableSet( new HashSet( microOperations
) );
+        this.grant = grant;
         this.precedence = precedence;
     }
     
@@ -99,9 +101,14 @@
         return protectedItems;
     }
     
-    public Set getGrantsAndDenials()
+    public Set getMicroOperations()
     {
-        return grantsAndDenials; 
+        return microOperations; 
+    }
+    
+    public boolean isGrant()
+    {
+        return grant;
     }
     
     public int getPrecedence()
@@ -114,7 +121,7 @@
         return "ACITuple: userClasses=" + userClasses + ", " +
                "authenticationLevel=" + authenticationLevel + ", " +
                "protectedItems=" + protectedItems + ", " +
-               "grantsAndDenials=" + grantsAndDenials + ", " +
+               ( grant? "grants=" : "denials=" ) + microOperations + ", " +
                "precedence=" + precedence;
     }
 }

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/GrantAndDenial.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/GrantAndDenial.java?rev=290310&r1=290309&r2=290310&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/GrantAndDenial.java
(original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/GrantAndDenial.java
Mon Sep 19 16:36:40 2005
@@ -22,57 +22,64 @@
 {
     // Permissions that may be used in conjunction with any component of
     // <tt>ProtectedItem</tt>s.
-    public static final GrantAndDenial GRANT_ADD = new GrantAndDenial( 0, "grantAdd", true
);
-    public static final GrantAndDenial DENY_ADD = new GrantAndDenial( 1, "denyAdd", false
);
-    public static final GrantAndDenial GRANT_DISCLOSE_ON_ERROR = new GrantAndDenial( 2, "grantDiscloseOnError",
true );
-    public static final GrantAndDenial DENY_DISCLOSE_ON_ERROR = new GrantAndDenial( 3, "denyDiscloseOnError",
false );
-    public static final GrantAndDenial GRANT_READ = new GrantAndDenial( 4, "grantRead", true
);
-    public static final GrantAndDenial DENY_READ = new GrantAndDenial( 5, "denyRead", false
);
-    public static final GrantAndDenial GRANT_REMOVE = new GrantAndDenial( 6, "grantRemove",
true );
-    public static final GrantAndDenial DENY_REMOVE = new GrantAndDenial( 7, "denyRemove",
false );
+    public static final GrantAndDenial GRANT_ADD = new GrantAndDenial( MicroOperation.ADD,
0, true );
+    public static final GrantAndDenial DENY_ADD = new GrantAndDenial( MicroOperation.ADD,
1, false );
+    public static final GrantAndDenial GRANT_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR,
2, true );
+    public static final GrantAndDenial DENY_DISCLOSE_ON_ERROR = new GrantAndDenial( MicroOperation.DISCLOSE_ON_ERROR,
3, false );
+    public static final GrantAndDenial GRANT_READ = new GrantAndDenial( MicroOperation.READ,
4, true );
+    public static final GrantAndDenial DENY_READ = new GrantAndDenial( MicroOperation.READ,
5, false );
+    public static final GrantAndDenial GRANT_REMOVE = new GrantAndDenial( MicroOperation.REMOVE,
6, true );
+    public static final GrantAndDenial DENY_REMOVE = new GrantAndDenial( MicroOperation.REMOVE,
7, false );
     
     // Permissions that may be used only in conjunction with the entry component.
-    public static final GrantAndDenial GRANT_BROWSE = new GrantAndDenial( 8, "grantBrowse",
true );
-    public static final GrantAndDenial DENY_BROWSE = new GrantAndDenial( 9, "denyBrowse",
false );
-    public static final GrantAndDenial GRANT_EXPORT = new GrantAndDenial( 10, "grantExport",
true );
-    public static final GrantAndDenial DENY_EXPORT = new GrantAndDenial( 11, "denyExport",
false );
-    public static final GrantAndDenial GRANT_IMPORT = new GrantAndDenial( 12, "grantImport",
true );
-    public static final GrantAndDenial DENY_IMPORT = new GrantAndDenial( 13, "denyImport",
false );
-    public static final GrantAndDenial GRANT_MODIFY = new GrantAndDenial( 14, "grantModify",
true );
-    public static final GrantAndDenial DENY_MODIFY = new GrantAndDenial( 15, "denyModify",
false );
-    public static final GrantAndDenial GRANT_RENAME = new GrantAndDenial( 16, "grantRename",
true );
-    public static final GrantAndDenial DENY_RENAME = new GrantAndDenial( 17, "denyRename",
false );
-    public static final GrantAndDenial GRANT_RETURN_DN = new GrantAndDenial( 18, "grantReturnDN",
true );
-    public static final GrantAndDenial DENY_RETURN_DN = new GrantAndDenial( 19, "denyReturnDN",
false );
+    public static final GrantAndDenial GRANT_BROWSE = new GrantAndDenial( MicroOperation.BROWSE,
8, true );
+    public static final GrantAndDenial DENY_BROWSE = new GrantAndDenial( MicroOperation.BROWSE,
9, false );
+    public static final GrantAndDenial GRANT_EXPORT = new GrantAndDenial( MicroOperation.EXPORT,
10, true );
+    public static final GrantAndDenial DENY_EXPORT = new GrantAndDenial( MicroOperation.EXPORT,
11, false );
+    public static final GrantAndDenial GRANT_IMPORT = new GrantAndDenial( MicroOperation.IMPORT,
12, true );
+    public static final GrantAndDenial DENY_IMPORT = new GrantAndDenial( MicroOperation.IMPORT,
13, false );
+    public static final GrantAndDenial GRANT_MODIFY = new GrantAndDenial( MicroOperation.MODIFY,
14, true );
+    public static final GrantAndDenial DENY_MODIFY = new GrantAndDenial( MicroOperation.MODIFY,
15, false );
+    public static final GrantAndDenial GRANT_RENAME = new GrantAndDenial( MicroOperation.RENAME,
16, true );
+    public static final GrantAndDenial DENY_RENAME = new GrantAndDenial( MicroOperation.RENAME,
17, false );
+    public static final GrantAndDenial GRANT_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN,
18, true );
+    public static final GrantAndDenial DENY_RETURN_DN = new GrantAndDenial( MicroOperation.RETURN_DN,
19, false );
 
     // Permissions that may be used in conjunction with any component,
     // except entry, of <tt>ProtectedItem</tt>s.
-    public static final GrantAndDenial GRANT_COMPARE = new GrantAndDenial( 20, "grantCompare",
true );
-    public static final GrantAndDenial DENY_COMPARE = new GrantAndDenial( 21, "denyCompare",
false );
-    public static final GrantAndDenial GRANT_FILTER_MATCH = new GrantAndDenial( 22, "grantFilterMatch",
true );
-    public static final GrantAndDenial DENY_FILTER_MATCH = new GrantAndDenial( 23, "denyFilterMatch",
false );
-    public static final GrantAndDenial GRANT_INVOKE = new GrantAndDenial( 24, "grantInvoke",
true );
-    public static final GrantAndDenial DENY_INVOKE = new GrantAndDenial( 25, "denyInvoke",
false );
+    public static final GrantAndDenial GRANT_COMPARE = new GrantAndDenial( MicroOperation.COMPARE,
20, true );
+    public static final GrantAndDenial DENY_COMPARE = new GrantAndDenial( MicroOperation.COMPARE,
21, false );
+    public static final GrantAndDenial GRANT_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH,
22, true );
+    public static final GrantAndDenial DENY_FILTER_MATCH = new GrantAndDenial( MicroOperation.FILTER_MATCH,
23, false );
+    public static final GrantAndDenial GRANT_INVOKE = new GrantAndDenial( MicroOperation.INVOKE,
24, true );
+    public static final GrantAndDenial DENY_INVOKE = new GrantAndDenial( MicroOperation.INVOKE,
25, false );
 
+    private final MicroOperation microOperation;
     private final int code;
-    private final String description;
+    private final String name;
     private final boolean grant;
 
-    private GrantAndDenial( int code, String description, boolean grant )
+    private GrantAndDenial( MicroOperation microOperation, int code, boolean grant )
     {
+        this.microOperation = microOperation;
         this.code = code;
-        this.description = description;
+        this.name = ( grant? "grant" : "deny" ) + microOperation.getName();
         this.grant = grant;
     }
     
+    public MicroOperation getMicroOperation()
+    {
+        return microOperation;
+    }
+    
     public int getCode()
     {
         return code;
     }
     
-    public String getDescription()
+    public String getName()
     {
-        return description;
+        return name;
     }
     
     public boolean isGrant()
@@ -82,6 +89,6 @@
     
     public String toString()
     {
-        return description + '[' + code + ']';
+        return "[" + code + "] " + name;
     }
 }

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ItemFirstACIItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ItemFirstACIItem.java?rev=290310&r1=290309&r2=290310&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ItemFirstACIItem.java
(original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/ItemFirstACIItem.java
Mon Sep 19 16:36:40 2005
@@ -99,7 +99,8 @@
                         itemPermission.getUserClasses(),
                         getAuthenticationLevel(),
                         protectedItems,
-                        grants,
+                        toMicroOperations( grants ),
+                        true,
                         precedence ) );
             }
             if( denials.size() > 0 )
@@ -108,7 +109,8 @@
                         itemPermission.getUserClasses(),
                         getAuthenticationLevel(),
                         protectedItems,
-                        denials,
+                        toMicroOperations( denials ),
+                        false,
                         precedence ) );
             }
         }

Added: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/MicroOperation.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/MicroOperation.java?rev=290310&view=auto
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/MicroOperation.java
(added)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/MicroOperation.java
Mon Sep 19 16:36:40 2005
@@ -0,0 +1,60 @@
+/*
+ *   @(#) $Id$
+ *
+ *   Copyright 2004 The Apache Software Foundation
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ *
+ */
+package org.apache.ldap.common.acl;
+
+public class MicroOperation
+{
+    // Permissions that may be used in conjunction with any component of
+    // <tt>ProtectedItem</tt>s.
+    public static final MicroOperation ADD = new MicroOperation( "Add" );
+    public static final MicroOperation DISCLOSE_ON_ERROR = new MicroOperation( "DiscloseOnError"
);
+    public static final MicroOperation READ = new MicroOperation( "Read" );
+    public static final MicroOperation REMOVE = new MicroOperation( "Remove" );
+    
+    // Permissions that may be used only in conjunction with the entry component.
+    public static final MicroOperation BROWSE = new MicroOperation( "Browse" );
+    public static final MicroOperation EXPORT = new MicroOperation( "Export" );
+    public static final MicroOperation IMPORT = new MicroOperation( "Import" );
+    public static final MicroOperation MODIFY = new MicroOperation( "Modify" );
+    public static final MicroOperation RENAME = new MicroOperation( "Rename" );
+    public static final MicroOperation RETURN_DN = new MicroOperation( "ReturnDN" );
+
+    // Permissions that may be used in conjunction with any component,
+    // except entry, of <tt>ProtectedItem</tt>s.
+    public static final MicroOperation COMPARE = new MicroOperation( "Compare" );
+    public static final MicroOperation FILTER_MATCH = new MicroOperation( "FilterMatch" );
+    public static final MicroOperation INVOKE = new MicroOperation( "Invoke" );
+    
+    private final String name;
+    
+    private MicroOperation( String name )
+    {
+        this.name = name;
+    }
+    
+    public String getName()
+    {
+        return name;
+    }
+    
+    public String toString()
+    {
+        return name;
+    }
+}

Propchange: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/MicroOperation.java
------------------------------------------------------------------------------
    svn:keywords = HeadURL Id LastChangedBy LastChangedDate LastChangedRevision

Modified: directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/UserFirstACIItem.java
URL: http://svn.apache.org/viewcvs/directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/UserFirstACIItem.java?rev=290310&r1=290309&r2=290310&view=diff
==============================================================================
--- directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/UserFirstACIItem.java
(original)
+++ directory/shared/ldap/trunk/common/src/java/org/apache/ldap/common/acl/UserFirstACIItem.java
Mon Sep 19 16:36:40 2005
@@ -99,7 +99,8 @@
                         getUserClasses(),
                         getAuthenticationLevel(),
                         userPermission.getProtectedItems(),
-                        grants,
+                        toMicroOperations( grants ),
+                        true,
                         precedence ) );
             }
             if( denials.size() > 0 )
@@ -108,7 +109,8 @@
                         getUserClasses(),
                         getAuthenticationLevel(),
                         userPermission.getProtectedItems(),
-                        denials,
+                        toMicroOperations( denials ),
+                        false,
                         precedence ) );
             }
         }



Mime
View raw message