directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r959741 - in /directory: apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/ apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ apacheds/trunk/core/src/test/java/org/apache/directory/serv...
Date Thu, 01 Jul 2010 18:29:28 GMT
Author: elecharny
Date: Thu Jul  1 18:29:27 2010
New Revision: 959741

URL: http://svn.apache.org/viewvc?rev=959741&view=rev
Log:
o Make the MaxValueCount and RestrictedBy elems using AttributeType instea of String
o Modified the hasPermission and filter methods to take an AT as a parameter
o Fixed the tests accordingly

Modified:
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
    directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
    directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java
    directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java
    directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java
    directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java
    directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java
    directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Thu Jul  1 18:29:27 2010
@@ -471,7 +471,7 @@ public class AciAuthorizationInterceptor
             for ( Value<?> value : attribute )
             {
                 engine.checkPermission( schemaManager, addContext, userGroups, principalDn, principal
-                    .getAuthenticationLevel(), name, attribute.getUpId(), value, ADD_PERMS, tuples, serverEntry, null );
+                    .getAuthenticationLevel(), name, attribute.getAttributeType(), value, ADD_PERMS, tuples, serverEntry, null );
             }
         }
 
@@ -598,7 +598,7 @@ public class AciAuthorizationInterceptor
                     {
                         // ... we also need to check if adding the attribute is permitted
                         engine.checkPermission( schemaManager, modifyContext, userGroups, principalDn, principal
-                            .getAuthenticationLevel(), dn, attr.getId(), null, perms, tuples, entry, null );
+                            .getAuthenticationLevel(), dn, attr.getAttributeType(), null, perms, tuples, entry, null );
                     }
 
                     break;
@@ -614,7 +614,7 @@ public class AciAuthorizationInterceptor
                         {
                             // ... we also need to check if removing the attribute at all is permitted
                             engine.checkPermission( schemaManager, modifyContext, userGroups, principalDn, principal
-                                .getAuthenticationLevel(), dn, attr.getId(), null, perms, tuples, entry, null );
+                                .getAuthenticationLevel(), dn, attr.getAttributeType(), null, perms, tuples, entry, null );
                         }
                     }
 
@@ -643,7 +643,7 @@ public class AciAuthorizationInterceptor
             for ( Value<?> value : attr )
             {
                 engine.checkPermission( schemaManager, modifyContext, userGroups, principalDn, principal
-                    .getAuthenticationLevel(), dn, attr.getId(), value, perms, tuples, entry, entryView );
+                    .getAuthenticationLevel(), dn, attr.getAttributeType(), value, perms, tuples, entry, entryView );
             }
         }
 
@@ -743,7 +743,7 @@ public class AciAuthorizationInterceptor
             for ( Value<?> value : attribute )
             {
                 engine.checkPermission( schemaManager, lookupContext, userGroups, userName, principal
-                    .getAuthenticationLevel(), lookupContext.getDn(), attribute.getUpId(), value, READ_PERMS, tuples,
+                    .getAuthenticationLevel(), lookupContext.getDn(), attribute.getAttributeType(), value, READ_PERMS, tuples,
                     entry, null );
             }
         }
@@ -1053,8 +1053,10 @@ public class AciAuthorizationInterceptor
 
         engine.checkPermission( schemaManager, compareContext, userGroups, principalDn, principal.getAuthenticationLevel(),
             dn, null, null, READ_PERMS, tuples, entry, null );
+        
+        AttributeType attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
         engine.checkPermission( schemaManager, compareContext, userGroups, principalDn, principal.getAuthenticationLevel(),
-            dn, oid, value, COMPARE_PERMS, tuples, entry, null );
+            dn, attributeType, value, COMPARE_PERMS, tuples, entry, null );
 
         return next.compare( compareContext );
     }
@@ -1100,11 +1102,10 @@ public class AciAuthorizationInterceptor
         for ( AttributeType attributeType : clonedEntry.getAttributeTypes() )
         {
             // if attribute type scope access is not allowed then remove the attribute and continue
-            String id = attributeType.getName();
             EntryAttribute attr = clonedEntry.get( attributeType );
 
             if ( !engine.hasPermission( schemaManager, opContext, userGroups, userDn, principal
-                .getAuthenticationLevel(), normName, id, null, SEARCH_ATTRVAL_PERMS, tuples, clonedEntry, null ) )
+                .getAuthenticationLevel(), normName, attributeType, null, SEARCH_ATTRVAL_PERMS, tuples, clonedEntry, null ) )
             {
                 attributeToRemove.add( attributeType );
 
@@ -1117,7 +1118,7 @@ public class AciAuthorizationInterceptor
             for ( Value<?> value : attr )
             {
                 if ( !engine.hasPermission( schemaManager, opContext, userGroups, userDn, principal
-                    .getAuthenticationLevel(), normName, attr.getUpId(), value, SEARCH_ATTRVAL_PERMS, tuples,
+                    .getAuthenticationLevel(), normName, attr.getAttributeType(), value, SEARCH_ATTRVAL_PERMS, tuples,
                     clonedEntry, null ) )
                 {
                     valueToRemove.add( value );

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACDFEngine.java Thu Jul  1 18:29:27 2010
@@ -48,6 +48,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.exception.LdapNoPermissionException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.schema.registries.OidRegistry;
 
@@ -115,7 +116,7 @@ public class ACDFEngine
      * @param userGroupNames the collection of the group DNs the user who is trying to access the resource belongs
      * @param username the DN of the user who is trying to access the resource
      * @param entryName the DN of the entry the user is trying to access
-     * @param attrId the attribute type of the attribute the user is trying to access.
+     * @param attributeType the attribute type of the attribute the user is trying to access.
      *               <tt>null</tt> if the user is not accessing a specific attribute type.
      * @param attrValue the attribute value of the attribute the user is trying to access.
      *                  <tt>null</tt> if the user is not accessing a specific attribute value.
@@ -131,7 +132,7 @@ public class ACDFEngine
         DN username,
         AuthenticationLevel authenticationLevel, 
         DN entryName, 
-        String attrId, 
+        AttributeType attributeType, 
         Value<?> attrValue, 
         Collection<MicroOperation> microOperations, 
         Collection<ACITuple> aciTuples, 
@@ -139,7 +140,7 @@ public class ACDFEngine
         Entry entryView ) throws LdapException
     {
         if ( !hasPermission( schemaManager, opContext, userGroupNames, username, authenticationLevel, entryName, 
-            attrId, attrValue, microOperations, aciTuples, entry, entryView ) )
+            attributeType, attrValue, microOperations, aciTuples, entry, entryView ) )
         {
             throw new LdapNoPermissionException();
         }
@@ -189,7 +190,7 @@ public class ACDFEngine
         DN userName,
         AuthenticationLevel authenticationLevel, 
         DN entryName, 
-        String attrId, 
+        AttributeType attributeType, 
         Value<?> attrValue, 
         Collection<MicroOperation> microOperations, 
         Collection<ACITuple> aciTuples, 
@@ -206,7 +207,7 @@ public class ACDFEngine
         // Determine the scope of the requested operation.
         OperationScope scope;
         
-        if ( attrId == null )
+        if ( attributeType == null )
         {
             scope = OperationScope.ENTRY;
         }
@@ -235,7 +236,7 @@ public class ACDFEngine
                 userEntry,
                 authenticationLevel, 
                 entryName, 
-                attrId, 
+                attributeType, 
                 attrValue, 
                 entry, 
                 microOperations, 

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/ACITupleFilter.java Thu Jul  1 18:29:27 2010
@@ -30,6 +30,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -54,7 +55,7 @@ public interface ACITupleFilter
      * @param userEntry the {@link Entry} of the current user entry in the DIT
      * @param authenticationLevel the level of authentication of the current user
      * @param entryName the {@link DN} of the entry the current user accesses
-     * @param attrId the attribute ID the current user accesses
+     * @param attributeType the attribute the current user accesses
      * @param attrValue the value of the attribute the current user accesses
      * @param entry the {@link Entry} of the entry the current user accesses
      * @param microOperations the set of {@link MicroOperation}s the current user will perform
@@ -72,7 +73,7 @@ public interface ACITupleFilter
             Entry userEntry,
             AuthenticationLevel authenticationLevel, 
             DN entryName, 
-            String attrId,
+            AttributeType attributeType,
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/HighestPrecedenceFilter.java Thu Jul  1 18:29:27 2010
@@ -31,6 +31,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -52,7 +53,7 @@ public class HighestPrecedenceFilter imp
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxImmSubFilter.java Thu Jul  1 18:29:27 2010
@@ -53,6 +53,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.filter.PresenceNode;
 import org.apache.directory.shared.ldap.message.AliasDerefMode;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -87,7 +88,7 @@ public class MaxImmSubFilter implements 
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MaxValueCountFilter.java Thu Jul  1 18:29:27 2010
@@ -35,6 +35,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -56,7 +57,7 @@ public class MaxValueCountFilter impleme
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,
@@ -90,7 +91,7 @@ public class MaxValueCountFilter impleme
                 {
                     MaxValueCountItem mvc = ( MaxValueCountItem ) item;
                     
-                    if ( isRemovable( mvc, attrId, entryView ) )
+                    if ( isRemovable( mvc, attributeType, entryView ) )
                     {
                         i.remove();
                         break;
@@ -103,14 +104,15 @@ public class MaxValueCountFilter impleme
     }
 
 
-    private boolean isRemovable( MaxValueCountItem mvc, String attrId, Entry entryView ) throws LdapException
+    private boolean isRemovable( MaxValueCountItem mvc, AttributeType attributeType, Entry entryView ) throws LdapException
     {
         for ( Iterator<MaxValueCountElem> k = mvc.iterator(); k.hasNext(); )
         {
             MaxValueCountElem mvcItem = k.next();
-            if ( attrId.equalsIgnoreCase( mvcItem.getAttributeType() ) )
+            
+            if ( attributeType.equals( mvcItem.getAttributeType() ) )
             {
-                EntryAttribute attr = entryView.get( attrId );
+                EntryAttribute attr = entryView.get( attributeType );
                 int attrCount = attr == null ? 0 : attr.size();
                 
                 if ( attrCount > mvcItem.getMaxCount() )

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MicroOperationFilter.java Thu Jul  1 18:29:27 2010
@@ -31,6 +31,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -53,7 +54,7 @@ public class MicroOperationFilter implem
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificProtectedItemFilter.java Thu Jul  1 18:29:27 2010
@@ -37,6 +37,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -66,7 +67,7 @@ public class MostSpecificProtectedItemFi
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/MostSpecificUserClassFilter.java Thu Jul  1 18:29:27 2010
@@ -32,6 +32,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -59,7 +60,7 @@ public class MostSpecificUserClassFilter
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilter.java Thu Jul  1 18:29:27 2010
@@ -85,7 +85,7 @@ public class RelatedProtectedItemFilter 
             Entry userEntry,
             AuthenticationLevel authenticationLevel, 
             DN entryName, 
-            String attrId,
+            AttributeType attributeType,
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,
@@ -101,7 +101,7 @@ public class RelatedProtectedItemFilter 
         {
             ACITuple tuple = i.next();
             
-            if ( !isRelated( tuple, scope, userName, entryName, attrId, attrValue, entry ) )
+            if ( !isRelated( tuple, scope, userName, entryName, attributeType, attrValue, entry ) )
             {
                 i.remove();
             }
@@ -111,14 +111,14 @@ public class RelatedProtectedItemFilter 
     }
 
 
-    private boolean isRelated( ACITuple tuple, OperationScope scope, DN userName, DN entryName, String attrId,
+    private boolean isRelated( ACITuple tuple, OperationScope scope, DN userName, DN entryName, AttributeType attributeType,
                                Value<?> attrValue, Entry entry ) throws LdapException, InternalError
     {
         String oid = null;
         
-        if ( attrId != null )
+        if ( attributeType != null )
         {
-            oid = schemaManager.getAttributeTypeRegistry().getOidByName( attrId );
+            oid = attributeType.getOid();
         }
         
         for ( ProtectedItem item : tuple.getProtectedItems() )
@@ -159,9 +159,9 @@ public class RelatedProtectedItemFilter 
 
                 for ( Iterator<AttributeType> iterator = aav.iterator(); iterator.hasNext(); )
                 {
-                    AttributeType attributeType = iterator.next();
+                    AttributeType attr = iterator.next();
                     
-                    if ( oid.equals( attributeType.getOid() ) )
+                    if ( oid.equals( attr.getOid() ) )
                     {
                         return true;
                     }
@@ -178,9 +178,9 @@ public class RelatedProtectedItemFilter 
                 
                 for ( Iterator<AttributeType> iterator = at.iterator(); iterator.hasNext(); )
                 {
-                    AttributeType attributeType = iterator.next();
+                    AttributeType attr = iterator.next();
                     
-                    if ( oid.equals( attributeType.getOid() ) )
+                    if ( oid.equals( attr.getOid() ) )
                     {
                         return true;
                     }
@@ -197,23 +197,23 @@ public class RelatedProtectedItemFilter 
                 
                 for ( Iterator<EntryAttribute> j = av.iterator(); j.hasNext(); )
                 {
-                    EntryAttribute attr = j.next();
+                    EntryAttribute entryAttribute = j.next();
                     
-                    AttributeType attributeType =  attr.getAttributeType();
+                    AttributeType attr =  entryAttribute.getAttributeType();
                     String attrOid = null;
                     
-                    if ( attributeType != null )
+                    if ( attr != null )
                     {
-                        attrOid = attr.getAttributeType().getOid();
+                        attrOid = entryAttribute.getAttributeType().getOid();
                     }
                     else
                     {
-                        attributeType = schemaManager.getAttributeTypeRegistry().lookup( attr.getId() );
-                        attrOid = attributeType.getOid();
-                        attr.setAttributeType( attributeType );
+                        attr = schemaManager.getAttributeTypeRegistry().lookup( entryAttribute.getId() );
+                        attrOid = attr.getOid();
+                        entryAttribute.setAttributeType( attr );
                     }
                     
-                    if ( oid.equals( attrOid ) && attr.contains( attrValue ) )
+                    if ( oid.equals( attrOid ) && entryAttribute.contains( attrValue ) )
                     {
                         return true;
                     }
@@ -245,7 +245,7 @@ public class RelatedProtectedItemFilter 
                 {
                     MaxValueCountElem mvcItem = j.next();
                     
-                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( mvcItem.getAttributeType() ) ) )
+                    if ( oid.equals( mvcItem.getAttributeType().getOid() ) )
                     {
                         return true;
                     }
@@ -272,7 +272,8 @@ public class RelatedProtectedItemFilter 
                 for ( Iterator<RestrictedByElem> j = rb.iterator(); j.hasNext(); )
                 {
                     RestrictedByElem rbItem = j.next();
-                    if ( oid.equals( schemaManager.getAttributeTypeRegistry().getOidByName( rbItem.getAttributeType() ) ) )
+                    
+                    if ( oid.equals( rbItem.getAttributeType().getOid() ) )
                     {
                         return true;
                     }
@@ -289,15 +290,15 @@ public class RelatedProtectedItemFilter 
                 
                 for ( Iterator<AttributeType> iterator = sv.iterator(); iterator.hasNext(); )
                 {
-                    AttributeType attributeType = iterator.next();
+                    AttributeType attr = iterator.next();
                     
-                    if ( oid.equals( attributeType.getOid() ) )
+                    if ( oid.equals( attr.getOid() ) )
                     {
-                        EntryAttribute attr = entry.get( oid );
+                        EntryAttribute entryAttribute = entry.get( oid );
                         
-                        if ( ( attr != null ) && 
-                             ( ( attr.contains( userName.getNormName() ) || 
-                               ( attr.contains( userName.getName() ) ) ) ) )
+                        if ( ( entryAttribute != null ) && 
+                             ( ( entryAttribute.contains( userName.getNormName() ) || 
+                               ( entryAttribute.contains( userName.getName() ) ) ) ) )
                         {
                             return true;
                         }

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RelatedUserClassFilter.java Thu Jul  1 18:29:27 2010
@@ -35,6 +35,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.subtree.SubtreeSpecification;
 
@@ -68,7 +69,7 @@ public class RelatedUserClassFilter impl
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,

Modified: directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java (original)
+++ directory/apacheds/trunk/core/src/main/java/org/apache/directory/server/core/authz/support/RestrictedByFilter.java Thu Jul  1 18:29:27 2010
@@ -35,6 +35,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Value;
 import org.apache.directory.shared.ldap.exception.LdapException;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 
 
@@ -56,7 +57,7 @@ public class RestrictedByFilter implemen
             Entry userEntry, 
             AuthenticationLevel authenticationLevel,
             DN entryName, 
-            String attrId, 
+            AttributeType attributeType, 
             Value<?> attrValue, 
             Entry entry, 
             Collection<MicroOperation> microOperations,
@@ -82,7 +83,7 @@ public class RestrictedByFilter implemen
                 continue;
             }
 
-            if ( isRemovable( tuple, attrId, attrValue, entry ) )
+            if ( isRemovable( tuple, attributeType, attrValue, entry ) )
             {
                 ii.remove();
             }
@@ -92,7 +93,7 @@ public class RestrictedByFilter implemen
     }
 
 
-    public boolean isRemovable( ACITuple tuple, String attrId, Value<?> attrValue, Entry entry ) throws LdapException
+    public boolean isRemovable( ACITuple tuple, AttributeType attributeType, Value<?> attrValue, Entry entry ) throws LdapException
     {
         for ( ProtectedItem item : tuple.getProtectedItems() )
         {
@@ -105,7 +106,7 @@ public class RestrictedByFilter implemen
                     RestrictedByElem rbItem = k.next();
                 
                     // TODO Fix DIRSEVER-832 
-                    if ( attrId.equalsIgnoreCase( rbItem.getAttributeType() ) )
+                    if ( attributeType.equals( rbItem.getAttributeType() ) )
                     {
                         EntryAttribute attr = entry.get( rbItem.getValuesIn() );
                         

Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java (original)
+++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/MaxValueCountFilterTest.java Thu Jul  1 18:29:27 2010
@@ -41,6 +41,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.DefaultEntry;
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.schema.loader.ldif.JarLdifSchemaLoader;
 import org.apache.directory.shared.ldap.schema.manager.impl.DefaultSchemaManager;
@@ -69,13 +70,8 @@ public class MaxValueCountFilterTest
     private static Entry ENTRY;
     private static Entry FULL_ENTRY;
 
-    static
-    {
-        Set<MaxValueCountElem> mvcItems = new HashSet<MaxValueCountElem>();
-        mvcItems.add( new MaxValueCountElem( "cn", 2 ) );
-        PROTECTED_ITEMS.add( new MaxValueCountItem( mvcItems ) );
-    }
-
+    /** The CN attribute Type */
+    private static AttributeType CN_AT;
 
     /** A reference to the schemaManager */
     private static SchemaManager schemaManager;
@@ -100,6 +96,13 @@ public class MaxValueCountFilterTest
         
         ENTRY.put( "cn", "1" );
         FULL_ENTRY.put( "cn", "1", "2", "3" );
+
+        Set<MaxValueCountElem> mvcItems = new HashSet<MaxValueCountElem>();
+        AttributeType cn = schemaManager.lookupAttributeTypeRegistry( "cn" );
+        mvcItems.add( new MaxValueCountElem( cn, 2 ) );
+        PROTECTED_ITEMS.add( new MaxValueCountItem( mvcItems ) );
+        
+        CN_AT = schemaManager.lookupAttributeTypeRegistry( "cn" );
     }
     
     
@@ -142,9 +145,9 @@ public class MaxValueCountFilterTest
         tuples = Collections.unmodifiableCollection( tuples );
 
         assertEquals( tuples, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null,
-            null, null, null, "cn", null, ENTRY, null, null ) );
+            null, null, null, CN_AT, null, ENTRY, null, null ) );
         assertEquals( tuples, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null,
-            null, null, null, "cn", null, FULL_ENTRY, null, null ) );
+            null, null, null, CN_AT, null, FULL_ENTRY, null, null ) );
     }
 
 
@@ -165,9 +168,9 @@ public class MaxValueCountFilterTest
             0 ) );
 
         assertEquals( 1, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
-            null, null, "cn", null, ENTRY, null, ENTRY ).size() );
+            null, null, CN_AT, null, ENTRY, null, ENTRY ).size() );
 
         assertEquals( 0, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
-            null, null, "cn", null, FULL_ENTRY, null, FULL_ENTRY ).size() );
+            null, null, CN_AT, null, FULL_ENTRY, null, FULL_ENTRY ).size() );
     }
 }

Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java (original)
+++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RelatedProtectedItemFilterTest.java Thu Jul  1 18:29:27 2010
@@ -93,6 +93,12 @@ public class RelatedProtectedItemFilterT
     
     /** The CN attribute Type */
     private static AttributeType CN_AT;
+    
+    /** The OU attribute Type */
+    private static AttributeType OU_AT;
+    
+    /** The SN attribute Type */
+    private static AttributeType SN_AT;
 
     
     @BeforeClass 
@@ -123,6 +129,8 @@ public class RelatedProtectedItemFilterT
         USER_NAMES.add( USER_NAME );
         GROUP_NAMES.add( GROUP_NAME );
         CN_AT = schemaManager.lookupAttributeTypeRegistry( "cn" );
+        OU_AT = schemaManager.lookupAttributeTypeRegistry( "ou" );
+        SN_AT = schemaManager.lookupAttributeTypeRegistry( "sn" );
     }
 
     
@@ -140,7 +148,7 @@ public class RelatedProtectedItemFilterT
         Collection<ACITuple> tuples = getTuples( ProtectedItem.ENTRY );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, null, null,
-            AuthenticationLevel.NONE, null, "ou", null, null, null, null ).size() );
+            AuthenticationLevel.NONE, null, OU_AT, null, null, null, null ).size() );
     }
 
 
@@ -151,12 +159,12 @@ public class RelatedProtectedItemFilterT
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
     }
 
 
@@ -167,12 +175,12 @@ public class RelatedProtectedItemFilterT
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( ProtectedItem.ALL_USER_ATTRIBUTE_TYPES_AND_VALUES );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
     }
 
 
@@ -185,15 +193,15 @@ public class RelatedProtectedItemFilterT
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( new AllAttributeValuesItem( attrTypes ) );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
 
         assertEquals( 0, filterB.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME, null,
-            null, null, "sn", null, null, null, null ).size() );
+            null, null, SN_AT, null, null, null, null ).size() );
     }
 
 
@@ -206,15 +214,15 @@ public class RelatedProtectedItemFilterT
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( new AttributeTypeItem( attrTypes ) );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
 
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "sn", null, null, null, null ).size() );
+            null, null, SN_AT, null, null, null, null ).size() );
     }
 
 
@@ -227,23 +235,23 @@ public class RelatedProtectedItemFilterT
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
         tuples = getTuples( new AttributeValueItem( attributes ) );
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( new AttributeValueItem( attributes ) );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "cn", new StringValue( "valueA" ), null, null, null ).size() );
+            null, null, null, CN_AT, new StringValue( "valueA" ), null, null, null ).size() );
 
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "cn", new StringValue( "valueB" ), null, null, null ).size() );
+            null, null, null, CN_AT, new StringValue( "valueB" ), null, null, null ).size() );
 
         tuples = getTuples( new AttributeValueItem( attributes ) );
 
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "sn", new StringValue( "valueA" ), null, null, null ).size() );
+            null, null, null, SN_AT, new StringValue( "valueA" ), null, null, null ).size() );
     }
 
 
@@ -260,7 +268,7 @@ public class RelatedProtectedItemFilterT
 
         // Should always retain tuples.
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
     }
 
 
@@ -268,23 +276,23 @@ public class RelatedProtectedItemFilterT
     public void testMaxValueCount() throws Exception
     {
         Set<MaxValueCountElem> mvcItems = new HashSet<MaxValueCountElem>();
-        mvcItems.add( new MaxValueCountElem( "cn", 3 ) );
+        mvcItems.add( new MaxValueCountElem( CN_AT, 3 ) );
         Collection<ACITuple> tuples = getTuples( new MaxValueCountItem( mvcItems ) );
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
         tuples = getTuples( new MaxValueCountItem( mvcItems ) );
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( new MaxValueCountItem( mvcItems ) );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "cn", null, null, null, null ).size() );
+            null, null, null, CN_AT, null, null, null, null ).size() );
 
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "sn", null, null, null, null ).size() );
+            null, null, null, SN_AT, null, null, null, null ).size() );
     }
 
 
@@ -312,23 +320,23 @@ public class RelatedProtectedItemFilterT
     public void testRestrictedBy() throws Exception
     {
         Set<RestrictedByElem> rbItems = new HashSet<RestrictedByElem>();
-        rbItems.add( new RestrictedByElem( "cn", "sn" ) );
+        rbItems.add( new RestrictedByElem( CN_AT, SN_AT ) );
         Collection<ACITuple> tuples = getTuples( new RestrictedByItem( rbItems ) );
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, null, null, null ).size() );
+            CN_AT, null, null, null, null ).size() );
         tuples = getTuples( new RestrictedByItem( rbItems ) );
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE, null, null, USER_NAME, null,
-            null, null, "cn", null, null, null, null ).size() );
+            null, null, CN_AT, null, null, null, null ).size() );
 
         tuples = getTuples( new RestrictedByItem( rbItems ) );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "cn", null, null, null, null ).size() );
+            null, null, null, CN_AT, null, null, null, null ).size() );
 
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "sn", null, null, null, null ).size() );
+            null, null, null, SN_AT, null, null, null, null ).size() );
     }
 
 
@@ -344,20 +352,20 @@ public class RelatedProtectedItemFilterT
 
         // Test wrong scope
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ENTRY, null, null, USER_NAME, null, null, null,
-            "cn", null, entry, null, null ).size() );
+            CN_AT, null, entry, null, null ).size() );
 
         tuples = getTuples( new SelfValueItem( attrTypes ) );
 
         assertEquals( 1, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "cn", null, entry, null, null ).size() );
+            null, null, null, CN_AT, null, entry, null, null ).size() );
 
         entry.removeAttributes( "cn" );
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "cn", null, entry, null, null ).size() );
+            null, null, null, CN_AT, null, entry, null, null ).size() );
 
         tuples = getTuples( new SelfValueItem( attrTypes ) );
         assertEquals( 0, filterA.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, USER_NAME,
-            null, null, null, "sn", null, entry, null, null ).size() );
+            null, null, null, SN_AT, null, entry, null, null ).size() );
     }
 
 

Modified: directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java
URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java (original)
+++ directory/apacheds/trunk/core/src/test/java/org/apache/directory/server/core/authz/support/RestrictedByFilterTest.java Thu Jul  1 18:29:27 2010
@@ -43,6 +43,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.entry.Entry;
 import org.apache.directory.shared.ldap.entry.StringValue;
 import org.apache.directory.shared.ldap.name.DN;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.apache.directory.shared.ldap.schema.SchemaManager;
 import org.apache.directory.shared.ldap.schema.loader.ldif.JarLdifSchemaLoader;
 import org.apache.directory.shared.ldap.schema.manager.impl.DefaultSchemaManager;
@@ -69,16 +70,14 @@ public class RestrictedByFilterTest
     private static final Collection<ProtectedItem> PROTECTED_ITEMS = new ArrayList<ProtectedItem>();
     private static Entry ENTRY;
 
-    static
-    {
-        Set<RestrictedByElem> mvcItems = new HashSet<RestrictedByElem>();
-        mvcItems.add( new RestrictedByElem( "sn", "cn" ) );
-        PROTECTED_ITEMS.add( new RestrictedByItem( mvcItems ) );
-    }
-
-
     /** A reference to the schemaManager */
     private static SchemaManager schemaManager;
+    
+    /** The CN attribute Type */
+    private static AttributeType CN_AT;
+
+    /** The SN attribute Type */
+    private static AttributeType SN_AT;
 
     
     @BeforeClass 
@@ -100,6 +99,12 @@ public class RestrictedByFilterTest
         ENTRY = new DefaultEntry( schemaManager, entryName );
 
         ENTRY.put( "cn", "1", "2" );
+        CN_AT = schemaManager.lookupAttributeTypeRegistry( "cn" );
+        SN_AT = schemaManager.lookupAttributeTypeRegistry( "sn" );
+
+        Set<RestrictedByElem> mvcItems = new HashSet<RestrictedByElem>();
+        mvcItems.add( new RestrictedByElem( SN_AT, CN_AT ) );
+        PROTECTED_ITEMS.add( new RestrictedByItem( mvcItems ) );
     }
 
 
@@ -140,7 +145,7 @@ public class RestrictedByFilterTest
         tuples = Collections.unmodifiableCollection( tuples );
 
         assertEquals( tuples, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null,
-            null, null, null, "testAttr", null, ENTRY, null, null ) );
+            null, null, null, SN_AT, null, ENTRY, null, null ) );
     }
 
 
@@ -152,12 +157,12 @@ public class RestrictedByFilterTest
         tuples.add( new ACITuple( UC_EMPTY_COLLECTION, AuthenticationLevel.NONE, PROTECTED_ITEMS, MO_EMPTY_SET, true, 0 ) );
 
         assertEquals( 1, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
-            null, null, "sn", new StringValue( "1" ), ENTRY, null, null ).size() );
+            null, null, SN_AT, new StringValue( "1" ), ENTRY, null, null ).size() );
 
         assertEquals( 1, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
-            null, null, "sn", new StringValue( "2" ), ENTRY, null, null ).size() );
+            null, null, SN_AT, new StringValue( "2" ), ENTRY, null, null ).size() );
 
         assertEquals( 0, filter.filter( null, tuples, OperationScope.ATTRIBUTE_TYPE_AND_VALUE, null, null, null, null,
-            null, null, "sn", new StringValue( "3" ), ENTRY, null, null ).size() );
+            null, null, SN_AT, new StringValue( "3" ), ENTRY, null, null ).size() );
     }
 }

Modified: directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g (original)
+++ directory/shared/trunk/ldap-aci/src/main/antlr/ACIItem.g Thu Jul  1 18:29:27 2010
@@ -582,6 +582,7 @@ aMaxValueCount returns [ MaxValueCountEl
     maxValueCount = null;
     String oid = null;
     Token token = null;
+    AttributeType attributeType = null;
 }
     :
     OPEN_CURLY ( SP )*
@@ -596,7 +597,16 @@ aMaxValueCount returns [ MaxValueCountEl
         )
     ( SP )* CLOSE_CURLY
     {
-        maxValueCount = new MaxValueCountElem( oid, token2Integer( token ) );
+        try
+        {
+            attributeType = schemaManager.lookupAttributeTypeRegistry( oid );
+            maxValueCount = new MaxValueCountElem( attributeType, token2Integer( token ) );
+        }
+        catch ( LdapException le )
+        {
+              // The oid does not exist
+              // TODO : deal with such an exception
+        }
     }
     ;
 
@@ -644,6 +654,8 @@ restrictedValue returns [ RestrictedByEl
     String typeOid = null;
     String valuesInOid = null;
     restrictedValue = null;
+    AttributeType attributeType = null;
+    AttributeType valueInAttributeType = null;
 }
     :
     OPEN_CURLY ( SP )*
@@ -656,7 +668,17 @@ restrictedValue returns [ RestrictedByEl
         )
     ( SP )* CLOSE_CURLY
     {
-        restrictedValue = new RestrictedByElem( typeOid, valuesInOid );
+        try
+        {
+            attributeType = schemaManager.lookupAttributeTypeRegistry( typeOid );
+            valueInAttributeType = schemaManager.lookupAttributeTypeRegistry( valuesInOid );
+            restrictedValue = new RestrictedByElem( attributeType, valueInAttributeType );
+        }
+        catch ( LdapException le )
+        {
+              // The oid does not exist
+              // TODO : deal with such an exception
+        }
     }
     ;
 

Modified: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java (original)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/MaxValueCountElem.java Thu Jul  1 18:29:27 2010
@@ -19,6 +19,8 @@
  */
 package org.apache.directory.shared.ldap.aci.protectedItem;
 
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
 
 /**
  * An element of {@link MaxValueCount}.
@@ -26,7 +28,7 @@ package org.apache.directory.shared.ldap
 public class MaxValueCountElem
 {
     /** The targeted AttributeType */
-    private String attributeType;
+    private AttributeType attributeType;
 
     /** The maximum number of accepted values for this attributeType */
     private int maxCount;
@@ -39,7 +41,7 @@ public class MaxValueCountElem
      * @param maxCount the maximum count of the attribute allowed
      */
 
-    public MaxValueCountElem( String attributeType, int maxCount )
+    public MaxValueCountElem( AttributeType attributeType, int maxCount )
     {
         this.attributeType = attributeType;
         this.maxCount = maxCount;
@@ -47,9 +49,9 @@ public class MaxValueCountElem
 
 
     /**
-     * Returns the attribute ID to limit the maximum count.
+     * Returns the attribute to limit the maximum count.
      */
-    public String getAttributeType()
+    public AttributeType getAttributeType()
     {
         return attributeType;
     }
@@ -69,6 +71,6 @@ public class MaxValueCountElem
      */
     public String toString()
     {
-        return "{ type " + attributeType + ", maxCount " + maxCount + " }";
+        return "{ type " + attributeType.getName() + ", maxCount " + maxCount + " }";
     }
 }

Modified: directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java (original)
+++ directory/shared/trunk/ldap-aci/src/main/java/org/apache/directory/shared/ldap/aci/protectedItem/RestrictedByElem.java Thu Jul  1 18:29:27 2010
@@ -19,6 +19,8 @@
  */
 package org.apache.directory.shared.ldap.aci.protectedItem;
 
+import org.apache.directory.shared.ldap.schema.AttributeType;
+
 
 /**
  * An element of {@link RestrictedByItem}.
@@ -26,10 +28,10 @@ package org.apache.directory.shared.ldap
 public class RestrictedByElem
 {
     // The AttributeType on which the restriction is applied */
-    private String attributeType;
+    private AttributeType attributeType;
 
-    /** The list of allowed values */
-    private String valuesIn;
+    /** The list of allowed AttributeType values */
+    private AttributeType valuesIn;
 
 
     /**
@@ -38,7 +40,7 @@ public class RestrictedByElem
      * @param attributeType the attribute type to restrict
      * @param valuesIn the attribute type only whose values are allowed in <tt>attributeType</tt>.
      */
-    public RestrictedByElem( String attributeType, String valuesIn )
+    public RestrictedByElem( AttributeType attributeType, AttributeType valuesIn )
     {
         this.attributeType = attributeType;
         this.valuesIn = valuesIn;
@@ -48,7 +50,7 @@ public class RestrictedByElem
     /**
      * Returns the attribute type to restrict.
      */
-    public String getAttributeType()
+    public AttributeType getAttributeType()
     {
         return attributeType;
     }
@@ -58,7 +60,7 @@ public class RestrictedByElem
      * Returns the attribute type only whose values are allowed in
      * <tt>attributeType</tt>.
      */
-    public String getValuesIn()
+    public AttributeType getValuesIn()
     {
         return valuesIn;
     }
@@ -69,6 +71,6 @@ public class RestrictedByElem
      */
     public String toString()
     {
-        return "{ type " + attributeType + ", valuesIn " + valuesIn + " }";
+        return "{ type " + attributeType.getName() + ", valuesIn " + valuesIn.getName() + " }";
     }
 }

Modified: directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java (original)
+++ directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ACIItemParserTest.java Thu Jul  1 18:29:27 2010
@@ -423,12 +423,40 @@ public class ACIItemParserTest
     @Test 
     public void testMaxValueCountComponentsOrderDoesNotMatter() throws Exception
     {
-        String spec = "{ identificationTag \"id2\"   , precedence 14, authenticationLevel none  , "
-            + "itemOrUserFirst userFirst:  { userClasses {  allUsers  , name { \"ou=people,cn=ersin\" }, "
-            + "subtree {{ base \"ou=system\"}, { base \"ou=ORGANIZATIONUNIT\"," + "minimum  1, maximum   2 } } }  , "
-            + "userPermissions { { protectedItems{ entry  , "
-            + "maxValueCount { { type 10.11.12, maxCount 10 }, { maxCount 20, type 11.12.13  } } "
-            + " }  , grantsAndDenials { grantBrowse } } } }  }   ";
+        String spec = 
+            "{ " +
+            "  identificationTag \"id2\"   , " +
+            "  precedence 14, " +
+            "  authenticationLevel none  , " +
+            "  itemOrUserFirst userFirst:  " +
+            "  { " +
+            "    userClasses " +
+            "    {  " +
+            "      allUsers  , " +
+            "      name { \"ou=people,cn=ersin\" }, " +
+            "      subtree " +
+            "      {" +
+            "        { base \"ou=system\"}, " +
+            "        { base \"ou=ORGANIZATIONUNIT\", minimum  1, maximum   2 } " +
+            "      } " +
+            "    }  , "+
+            "    userPermissions " +
+            "    { " +
+            "      { " +
+            "        protectedItems" +
+            "        { " +
+            "          entry  , " +
+            "          maxValueCount " +
+            "          { " +
+            "            { type 2.5.4.3, maxCount 10 }, " +
+            "            { maxCount 20, type 2.5.4.3  } " +
+            "          } " +
+            "        }  , " +
+            "        grantsAndDenials { grantBrowse } " +
+            "      } " +
+            "    } " +
+            "  } " +
+            "}   ";
 
         ACIItem item = parser.parse( spec );
         checkItemToString( spec, item );
@@ -442,7 +470,7 @@ public class ACIItemParserTest
             + "itemOrUserFirst userFirst:  { userClasses {  allUsers  , name { \"ou=people,cn=ersin\" }, "
             + "subtree {{ base \"ou=system\" }, { base \"ou=ORGANIZATIONUNIT\"," + "minimum  1, maximum   2 } } }  , "
             + "userPermissions { { protectedItems{ entry  , "
-            + "restrictedBy { { type 10.11.12, valuesIn ou }, { valuesIn cn, type 11.12.13  } } "
+            + "restrictedBy { { type 2.5.4.3, valuesIn ou }, { valuesIn cn, type 2.5.4.3  } } "
             + " }  , grantsAndDenials { grantBrowse } } } }  }   ";
 
         ACIItem item = parser.parse( spec );

Modified: directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java (original)
+++ directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_MaxValueCountTest.java Thu Jul  1 18:29:27 2010
@@ -30,6 +30,7 @@ import org.apache.directory.junit.tools.
 import org.apache.directory.junit.tools.ConcurrentJunitRunner;
 import org.apache.directory.shared.ldap.aci.protectedItem.MaxValueCountElem;
 import org.apache.directory.shared.ldap.aci.protectedItem.MaxValueCountItem;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -57,10 +58,10 @@ public class ProtectedItem_MaxValueCount
     public void initNames() throws Exception
     {
 
-        MaxValueCountElem mvciA = new MaxValueCountElem( "aa", 1 );
-        MaxValueCountElem mvciB = new MaxValueCountElem( "bb", 2 );
-        MaxValueCountElem mvciC = new MaxValueCountElem( "cc", 3 );
-        MaxValueCountElem mvciD = new MaxValueCountElem( "dd", 4 );
+        MaxValueCountElem mvciA = new MaxValueCountElem( new AttributeType( "aa" ), 1 );
+        MaxValueCountElem mvciB = new MaxValueCountElem( new AttributeType( "bb" ), 2 );
+        MaxValueCountElem mvciC = new MaxValueCountElem( new AttributeType( "cc" ), 3 );
+        MaxValueCountElem mvciD = new MaxValueCountElem( new AttributeType( "dd" ), 4 );
 
         Set<MaxValueCountElem> colA = new HashSet<MaxValueCountElem>();
         colA.add( mvciA );

Modified: directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java
URL: http://svn.apache.org/viewvc/directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java?rev=959741&r1=959740&r2=959741&view=diff
==============================================================================
--- directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java (original)
+++ directory/shared/trunk/ldap-aci/src/test/java/org/apache/directory/shared/ldap/aci/ProtectedItem_RestrictedByTest.java Thu Jul  1 18:29:27 2010
@@ -30,6 +30,7 @@ import org.apache.directory.junit.tools.
 import org.apache.directory.junit.tools.ConcurrentJunitRunner;
 import org.apache.directory.shared.ldap.aci.protectedItem.RestrictedByElem;
 import org.apache.directory.shared.ldap.aci.protectedItem.RestrictedByItem;
+import org.apache.directory.shared.ldap.schema.AttributeType;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -56,10 +57,10 @@ public class ProtectedItem_RestrictedByT
     @Before
     public void initNames() throws Exception
     {
-        RestrictedByElem rbiA = new RestrictedByElem( "aa", "aa" );
-        RestrictedByElem rbiB = new RestrictedByElem( "bb", "bb" );
-        RestrictedByElem rbiC = new RestrictedByElem( "cc", "cc" );
-        RestrictedByElem rbiD = new RestrictedByElem( "dd", "dd" );
+        RestrictedByElem rbiA = new RestrictedByElem( new AttributeType( "aa" ), new AttributeType( "aa" ) );
+        RestrictedByElem rbiB = new RestrictedByElem( new AttributeType( "bb" ), new AttributeType( "bb" ) );
+        RestrictedByElem rbiC = new RestrictedByElem( new AttributeType( "cc" ), new AttributeType( "cc" ) );
+        RestrictedByElem rbiD = new RestrictedByElem( new AttributeType( "dd" ), new AttributeType( "dd" ) );
 
         Set<RestrictedByElem> colA = new HashSet<RestrictedByElem>();
         colA.add( rbiA );



Mime
View raw message