directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1051328 - /directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Date Tue, 21 Dec 2010 00:12:39 GMT
Author: elecharny
Date: Tue Dec 21 00:12:39 2010
New Revision: 1051328

URL: http://svn.apache.org/viewvc?rev=1051328&view=rev
Log:
Removed the add() method as it's now handled in the subtree interceptor

Modified:
    directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java

Modified: directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
URL: http://svn.apache.org/viewvc/directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java?rev=1051328&r1=1051327&r2=1051328&view=diff
==============================================================================
--- directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
(original)
+++ directory/apacheds/branches/apacheds-AP/core/src/main/java/org/apache/directory/server/core/admin/AdministrativePointInterceptor.java
Tue Dec 21 00:12:39 2010
@@ -30,6 +30,7 @@ import java.util.concurrent.locks.Reentr
 
 import javax.naming.directory.SearchControls;
 
+import org.apache.directory.server.constants.ApacheSchemaConstants;
 import org.apache.directory.server.constants.ServerDNConstants;
 import org.apache.directory.server.core.CoreSession;
 import org.apache.directory.server.core.DefaultCoreSession;
@@ -54,9 +55,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.authn.Authenticator;
 import org.apache.directory.server.core.filtering.EntryFilteringCursor;
 import org.apache.directory.server.core.interceptor.BaseInterceptor;
-import org.apache.directory.server.core.interceptor.Interceptor;
 import org.apache.directory.server.core.interceptor.NextInterceptor;
-import org.apache.directory.server.core.interceptor.context.AddOperationContext;
 import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
 import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
 import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
@@ -64,6 +63,7 @@ import org.apache.directory.server.core.
 import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
 import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
 import org.apache.directory.server.core.partition.PartitionNexus;
+import org.apache.directory.server.i18n.I18n;
 import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
 import org.apache.directory.shared.ldap.constants.SchemaConstants;
 import org.apache.directory.shared.ldap.entry.DefaultEntryAttribute;
@@ -75,6 +75,7 @@ import org.apache.directory.shared.ldap.
 import org.apache.directory.shared.ldap.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.shared.ldap.exception.LdapNoSuchAttributeException;
 import org.apache.directory.shared.ldap.exception.LdapOperationException;
+import org.apache.directory.shared.ldap.exception.LdapSchemaViolationException;
 import org.apache.directory.shared.ldap.exception.LdapUnwillingToPerformException;
 import org.apache.directory.shared.ldap.filter.ExprNode;
 import org.apache.directory.shared.ldap.filter.PresenceNode;
@@ -119,7 +120,10 @@ public class AdministrativePointIntercep
 
     /** A reference to the EntryUUID AT */
     private static AttributeType ENTRY_UUID_AT;
-
+    
+    /** A reference to the ObjectClass AT */
+    private static AttributeType OBJECT_CLASS_AT;
+    
     /** The possible roles */
     private static final Set<String> ROLES = new HashSet<String>();
 
@@ -241,24 +245,24 @@ public class AdministrativePointIntercep
     /**
      * Create the list of AP for a given entry
      */
-    private void createAdministrativePoints( EntryAttribute adminPoint, DN dn, String uuid
) throws LdapException
+    private void createAdministrativePoints( EntryAttribute adminPoint, DN dn, String uuid,
long seqNumber ) throws LdapException
     {
         if ( isAAP( adminPoint ) )
         {
             // The AC AAP
-            AccessControlAdministrativePoint acAap = new AccessControlAAP( dn, uuid );
+            AccessControlAdministrativePoint acAap = new AccessControlAAP( dn, uuid, seqNumber
);
             directoryService.getAccessControlAPCache().add( dn, acAap );
 
             // The CA AAP
-            CollectiveAttributeAdministrativePoint caAap = new CollectiveAttributeAAP( dn,
uuid );
+            CollectiveAttributeAdministrativePoint caAap = new CollectiveAttributeAAP( dn,
uuid, seqNumber );
             directoryService.getCollectiveAttributeAPCache().add( dn, caAap );
 
             // The TE AAP
-            TriggerExecutionAdministrativePoint teAap = new TriggerExecutionAAP( dn, uuid
);
+            TriggerExecutionAdministrativePoint teAap = new TriggerExecutionAAP( dn, uuid,
seqNumber );
             directoryService.getTriggerExecutionAPCache().add( dn, teAap );
 
             // The SS AAP
-            SubschemaAdministrativePoint ssAap = new SubschemaAAP( dn, uuid );
+            SubschemaAdministrativePoint ssAap = new SubschemaAAP( dn, uuid, seqNumber );
             directoryService.getSubschemaAPCache().add( dn, ssAap );
 
             // TODO : Here, we have to update the children, removing any 
@@ -275,7 +279,7 @@ public class AdministrativePointIntercep
             // Deal with AccessControl AP
             if ( isAccessControlSpecificRole( role ) )
             {
-                AccessControlAdministrativePoint sap = new AccessControlSAP( dn, uuid );
+                AccessControlAdministrativePoint sap = new AccessControlSAP( dn, uuid, seqNumber
);
                 directoryService.getAccessControlAPCache().add( dn, sap );
 
                 // TODO : Here, we have to update the children, removing any 
@@ -286,7 +290,7 @@ public class AdministrativePointIntercep
 
             if ( isAccessControlInnerRole( role ) )
             {
-                AccessControlAdministrativePoint iap = new AccessControlIAP( dn, uuid );
+                AccessControlAdministrativePoint iap = new AccessControlIAP( dn, uuid, seqNumber
);
                 directoryService.getAccessControlAPCache().add( dn, iap );
 
                 continue;
@@ -295,7 +299,7 @@ public class AdministrativePointIntercep
             // Deal with CollectiveAttribute AP
             if ( isCollectiveAttributeSpecificRole( role ) )
             {
-                CollectiveAttributeAdministrativePoint sap = new CollectiveAttributeSAP(
dn, uuid );
+                CollectiveAttributeAdministrativePoint sap = new CollectiveAttributeSAP(
dn, uuid, seqNumber );
                 directoryService.getCollectiveAttributeAPCache().add( dn, sap );
 
                 // TODO : Here, we have to update the children, removing any 
@@ -306,7 +310,7 @@ public class AdministrativePointIntercep
 
             if ( isCollectiveAttributeInnerRole( role ) )
             {
-                CollectiveAttributeAdministrativePoint iap = new CollectiveAttributeIAP(
dn, uuid );
+                CollectiveAttributeAdministrativePoint iap = new CollectiveAttributeIAP(
dn, uuid, seqNumber );
                 directoryService.getCollectiveAttributeAPCache().add( dn, iap );
 
                 continue;
@@ -315,7 +319,7 @@ public class AdministrativePointIntercep
             // Deal with SubSchema AP
             if ( isSubschemaSpecficRole( role ) )
             {
-                SubschemaAdministrativePoint sap = new SubschemaSAP( dn, uuid );
+                SubschemaAdministrativePoint sap = new SubschemaSAP( dn, uuid, seqNumber
);
                 directoryService.getSubschemaAPCache().add( dn, sap );
 
                 // TODO : Here, we have to update the children, removing any 
@@ -327,7 +331,7 @@ public class AdministrativePointIntercep
             // Deal with TriggerExecution AP
             if ( isTriggerExecutionSpecificRole( role ) )
             {
-                TriggerExecutionAdministrativePoint sap = new TriggerExecutionSAP( dn, uuid
);
+                TriggerExecutionAdministrativePoint sap = new TriggerExecutionSAP( dn, uuid,
seqNumber );
                 directoryService.getTriggerExecutionAPCache().add( dn, sap );
 
                 // TODO : Here, we have to update the children, removing any 
@@ -338,7 +342,7 @@ public class AdministrativePointIntercep
 
             if ( isTriggerExecutionInnerRole( role ) )
             {
-                TriggerExecutionAdministrativePoint iap = new TriggerExecutionIAP( dn, uuid
);
+                TriggerExecutionAdministrativePoint iap = new TriggerExecutionIAP( dn, uuid,
seqNumber );
                 directoryService.getTriggerExecutionAPCache().add( dn, iap );
 
                 continue;
@@ -354,25 +358,25 @@ public class AdministrativePointIntercep
      */
     private void addRole( String role, DN dn, String uuid, DnNode<AdministrativePoint>
acapCache,
         DnNode<AdministrativePoint> caapCache, DnNode<AdministrativePoint> teapCache,
-        DnNode<AdministrativePoint> ssapCache ) throws LdapException
+        DnNode<AdministrativePoint> ssapCache, long seqNumber ) throws LdapException
     {
         // Deal with Autonomous AP : create the 4 associated SAP/AAP
         if ( isAutonomousAreaRole( role ) )
         {
             // The AC AAP
-            AccessControlAdministrativePoint acAap = new AccessControlAAP( dn, uuid );
+            AccessControlAdministrativePoint acAap = new AccessControlAAP( dn, uuid, seqNumber
);
             acapCache.add( dn, acAap );
 
             // The CA AAP
-            CollectiveAttributeAdministrativePoint caAap = new CollectiveAttributeAAP( dn,
uuid );
+            CollectiveAttributeAdministrativePoint caAap = new CollectiveAttributeAAP( dn,
uuid, seqNumber );
             caapCache.add( dn, caAap );
 
             // The TE AAP
-            TriggerExecutionAdministrativePoint teAap = new TriggerExecutionAAP( dn, uuid
);
+            TriggerExecutionAdministrativePoint teAap = new TriggerExecutionAAP( dn, uuid,
seqNumber );
             teapCache.add( dn, teAap );
 
             // The SS AAP
-            SubschemaAdministrativePoint ssAap = new SubschemaAAP( dn, uuid );
+            SubschemaAdministrativePoint ssAap = new SubschemaAAP( dn, uuid, seqNumber );
             ssapCache.add( dn, ssAap );
             
             // If it's an AAP, we can get out immediately
@@ -382,7 +386,7 @@ public class AdministrativePointIntercep
         // Deal with AccessControl AP
         if ( isAccessControlSpecificRole( role ) )
         {
-            AccessControlAdministrativePoint sap = new AccessControlSAP( dn, uuid );
+            AccessControlAdministrativePoint sap = new AccessControlSAP( dn, uuid, seqNumber
);
             acapCache.add( dn, sap );
 
             return;
@@ -390,7 +394,7 @@ public class AdministrativePointIntercep
 
         if ( isAccessControlInnerRole( role ) )
         {
-            AccessControlAdministrativePoint iap = new AccessControlIAP( dn, uuid );
+            AccessControlAdministrativePoint iap = new AccessControlIAP( dn, uuid, seqNumber
);
             acapCache.add( dn, iap );
 
             return;
@@ -399,7 +403,7 @@ public class AdministrativePointIntercep
         // Deal with CollectiveAttribute AP
         if ( isCollectiveAttributeSpecificRole( role ) )
         {
-            CollectiveAttributeAdministrativePoint sap = new CollectiveAttributeSAP( dn,
uuid );
+            CollectiveAttributeAdministrativePoint sap = new CollectiveAttributeSAP( dn,
uuid, seqNumber );
             caapCache.add( dn, sap );
 
             return;
@@ -407,7 +411,7 @@ public class AdministrativePointIntercep
 
         if ( isCollectiveAttributeInnerRole( role ) )
         {
-            CollectiveAttributeAdministrativePoint iap = new CollectiveAttributeIAP( dn,
uuid );
+            CollectiveAttributeAdministrativePoint iap = new CollectiveAttributeIAP( dn,
uuid, seqNumber );
             caapCache.add( dn, iap );
 
             return;
@@ -416,7 +420,7 @@ public class AdministrativePointIntercep
         // Deal with SubSchema AP
         if ( isSubschemaSpecficRole( role ) )
         {
-            SubschemaAdministrativePoint sap = new SubschemaSAP( dn, uuid );
+            SubschemaAdministrativePoint sap = new SubschemaSAP( dn, uuid, seqNumber );
             ssapCache.add( dn, sap );
 
             return;
@@ -425,7 +429,7 @@ public class AdministrativePointIntercep
         // Deal with TriggerExecution AP
         if ( isTriggerExecutionSpecificRole( role ) )
         {
-            TriggerExecutionAdministrativePoint sap = new TriggerExecutionSAP( dn, uuid );
+            TriggerExecutionAdministrativePoint sap = new TriggerExecutionSAP( dn, uuid,
seqNumber );
             teapCache.add( dn, sap );
 
             return;
@@ -433,7 +437,7 @@ public class AdministrativePointIntercep
 
         if ( isTriggerExecutionInnerRole( role ) )
         {
-            TriggerExecutionAdministrativePoint iap = new TriggerExecutionIAP( dn, uuid );
+            TriggerExecutionAdministrativePoint iap = new TriggerExecutionIAP( dn, uuid,
seqNumber );
             teapCache.add( dn, iap );
 
             return;
@@ -615,7 +619,7 @@ public class AdministrativePointIntercep
      */
     private AdministrativePoint findParentAP( DN entryDn, DnNode<AdministrativePoint>
currentNode )
     {
-        AdministrativePoint aps = currentNode.getElement();
+        DnNode<AdministrativePoint> aps = currentNode.getNode( entryDn );
         
         if ( aps == null )
         {
@@ -623,66 +627,13 @@ public class AdministrativePointIntercep
         }
         else
         {
-            return aps;
+            AdministrativePoint ap = aps.getElement();
+            System.out.println( "AP ---> " + ap );
+            return ap;
         }
     }
 
     
-    /**
-     * Check if we can safely add a role. If it's an AAP, we have to be sure that
-     * it's the only role present in the AT.
-     */
-    private void checkAddRole( Value<?> role, EntryAttribute adminPoint, DN dn ) throws
LdapException
-    {
-        String roleStr = StringTools.toLowerCase( StringTools.trim( role.getString() ) );
-
-        // Check that the added AdministrativeRole is valid
-        if ( !ROLES.contains( roleStr ) )
-        {
-            String message = "Cannot add the given role, it's not a valid one :" + role;
-            LOG.error( message );
-            throw new LdapUnwillingToPerformException( message );
-        }
-
-        // If we are trying to add an AAP, we have to check that 
-        // it's the only role in the AdminPoint AT
-        if ( isAutonomousAreaRole( roleStr ) )
-        {
-            if ( adminPoint.size() > 1 )
-            {
-                String message = "Cannot add an Autonomous Administratve Point when some
other roles are added : "
-                    + adminPoint;
-                LOG.error( message );
-                throw new LdapUnwillingToPerformException( message );
-            }
-            else
-            {
-                // Fine : we only have one AAP
-                return;
-            }
-        }
-        
-        // Check that we don't have already an AAP in the AdminPoint AT when we try to
-        // add a role
-        if ( adminPoint.contains( SchemaConstants.AUTONOMOUS_AREA ) )
-        {
-            String message = "Cannot add a role when an Autonomous Administratve Point is
already present : "
-                + adminPoint;
-            LOG.error( message );
-            throw new LdapUnwillingToPerformException( message );
-        }
-
-        // check that we can't mix Inner and Specific areas
-        checkInnerSpecificMix( roleStr, adminPoint );
-
-        // Check that we don't add an IAP with no parent. The IAP must be added under
-        // either a AAP, or a SAP/IAP within the same family
-        if ( isIAP( roleStr ) )
-        {
-            checkIAPHasParent( roleStr, adminPoint, dn );
-        }
-    }
-
 
     /**
      * Check if we can safely delete a role
@@ -849,8 +800,9 @@ public class AdministrativePointIntercep
 
             String uuid = adminPointEntry.get( ENTRY_UUID_AT ).getString();
             EntryAttribute adminPoint = adminPointEntry.get( ADMINISTRATIVE_ROLE_AT );
+            long seqNumber = Long.parseLong( adminPointEntry.get( ApacheSchemaConstants.AP_SEQ_NUMBER_AT
).getString() );
 
-            createAdministrativePoints( adminPoint, dn, uuid );
+            createAdministrativePoints( adminPoint, dn, uuid , seqNumber);
         }
     }
 
@@ -1013,6 +965,9 @@ public class AdministrativePointIntercep
     }
 
 
+    /**
+     * Check that the AT contains the AccessControl SAP role
+     */
     private boolean hasAccessControlSpecificRole( EntryAttribute adminPoint )
     {
         return adminPoint.contains( SchemaConstants.ACCESS_CONTROL_SPECIFIC_AREA ) ||
@@ -1026,6 +981,9 @@ public class AdministrativePointIntercep
     }
 
 
+    /**
+     * Check that the AT contains the CollectiveAttribute SAP role
+     */
     private boolean hasCollectiveAttributeSpecificRole( EntryAttribute adminPoint )
     {
         return adminPoint.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SPECIFIC_AREA )
||
@@ -1033,6 +991,9 @@ public class AdministrativePointIntercep
     }
 
 
+    /**
+     * Check that the AT contains the TriggerExecution SAP role
+     */
     private boolean hasTriggerExecutionSpecificRole( EntryAttribute adminPoint )
     {
         return adminPoint.contains( SchemaConstants.TRIGGER_EXECUTION_SPECIFIC_AREA ) ||
@@ -1041,6 +1002,16 @@ public class AdministrativePointIntercep
 
 
     /**
+     * Check that the AT contains the SubSchema SAP role
+     */
+    private boolean hasSubSchemaSpecificRole( EntryAttribute adminPoint )
+    {
+        return adminPoint.contains( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA ) ||
+               adminPoint.contains( SchemaConstants.SUB_SCHEMA_ADMIN_SPECIFIC_AREA_OID );
+    }
+
+
+    /**
      * Check that we don't have an IAP and a SAP with the same family
      */
     private void checkInnerSpecificMix( String role, EntryAttribute adminPoint ) throws LdapUnwillingToPerformException
@@ -1153,6 +1124,47 @@ public class AdministrativePointIntercep
             throw new LdapUnwillingToPerformException( message );
         }
     }
+    
+    
+    //-------------------------------------------------------------------------------------------
+    // Helper methods
+    //-------------------------------------------------------------------------------------------
+    /**
+     * Return the list of AdministrativeRole for a subentry
+     */
+    private Set<AdministrativeRole> getSubentryAdminRoles( Entry subentry ) throws
LdapException
+    {
+        Set<AdministrativeRole> adminRoles = new HashSet<AdministrativeRole>();
+
+        EntryAttribute oc = subentry.get( OBJECT_CLASS_AT );
+
+        if ( oc == null )
+        {
+            throw new LdapSchemaViolationException( ResultCodeEnum.OBJECT_CLASS_VIOLATION,
I18n.err( I18n.ERR_305 ) );
+        }
+
+        if ( oc.contains( SchemaConstants.ACCESS_CONTROL_SUBENTRY_OC ) )
+        {
+            adminRoles.add( AdministrativeRole.AccessControlInnerArea );
+        }
+
+        if ( oc.contains( SchemaConstants.SUBSCHEMA_OC ) )
+        {
+            adminRoles.add( AdministrativeRole.SubSchemaSpecificArea );
+        }
+
+        if ( oc.contains( SchemaConstants.COLLECTIVE_ATTRIBUTE_SUBENTRY_OC ) )
+        {
+            adminRoles.add( AdministrativeRole.CollectiveAttributeSpecificArea );
+        }
+
+        if ( oc.contains( ApacheSchemaConstants.TRIGGER_EXECUTION_SUBENTRY_OC ) )
+        {
+            adminRoles.add( AdministrativeRole.TriggerExecutionInnerArea );
+        }
+
+        return adminRoles;
+    }
 
 
     //-------------------------------------------------------------------------------------------
@@ -1173,11 +1185,11 @@ public class AdministrativePointIntercep
         // Init the At we use locally
         ADMINISTRATIVE_ROLE_AT = schemaManager.getAttributeType( SchemaConstants.ADMINISTRATIVE_ROLE_AT
);
         ENTRY_UUID_AT = schemaManager.getAttributeType( SchemaConstants.ENTRY_UUID_AT );
+        OBJECT_CLASS_AT = schemaManager.getAttributeType( SchemaConstants.OBJECT_CLASS_AT
);
 
         // Load all the AdministratvePoint :
         // Autonomous Administrative Point first, then Specific
         // administrative point, finally the Inner administrative Point
-        DN adminDn = new DN( ServerDNConstants.ADMIN_SYSTEM_DN, schemaManager );
 
         SearchControls controls = new SearchControls();
         controls.setSearchScope( SearchControls.SUBTREE_SCOPE );
@@ -1201,98 +1213,65 @@ public class AdministrativePointIntercep
     }
 
 
-    private void updateAPEntries( EntryAttribute adminPoint, String apUuid )
-    {
-        if ( isAAP( adminPoint ) )
-        {
-
-        }
-
-        return;
-    }
-
-
     /**
      * Add the AP seq number in the added entry. We have 2 cases :
      * - the entry is an AP or a subtree
      * - the entry is a standard entry
      */
-    private void addAPSeqNumber( boolean isAdmin, Entry entry )
+    private long addAPSeqNumber( boolean isAdmin, Entry entry ) throws LdapException
     {
+        long seqNumber = -1L;
+        
         // Check if we are adding an Administrative Point
         EntryAttribute adminPoint = entry.get( ADMINISTRATIVE_ROLE_AT );
 
         if ( adminPoint == null )
         {
-            // A normal entry. We have to search the AP it depends on, for each role
-            // if we have any
+            // A normal entry. We have to search the AP it depends on, and get the associated
SeqNumber
             AdministrativePoint ap = findParentAP( entry.getDn(), directoryService.getAccessControlAPCache()
);
             
+            // Get its SeqNumber if we found an AP
+            if ( ap != null )
+            {
+                seqNumber = ap.getSeqNumber();
+            }
         }
-    }
-    
-
-    /**
-     * Add an administrative point into the DIT.
-     * 
-     * We have to deal with some specific cases :
-     * <ul>
-     * <li>If it's an AA, then the added role should be the only one</li>
-     * <li>It's not possible to add IA and SA at the same time</li>
-     * 
-     * @param next The next {@link Interceptor} in the chain
-     * @param addContext The {@link AddOperationContext} instance
-     * @throws LdapException If we had some error while processing the Add operation
-     */
-    public void add( NextInterceptor next, AddOperationContext addContext ) throws LdapException
-    {
-        LOG.debug( "Entering into the Administrative Interceptor, addRequest" );
-        Entry entry = addContext.getEntry();
-        DN dn = entry.getDn();
-
-        // Check if we are adding an Administrative Point
-        EntryAttribute adminPoint = entry.get( ADMINISTRATIVE_ROLE_AT );
-
-        if ( adminPoint == null )
+        else
         {
-            // Not an AP. We still have to check the SeqNumber if this entry
-            // depends on an AP
-            
-            next.add( addContext );
-
-            LOG.debug( "Exit from Administrative Interceptor, no AP in the added entry" );
-
-            return;
+            // We have to inject a new SeqNumber in the added AdministrationPoint
+            seqNumber = directoryService.getNewApSeqNumber();
         }
 
-        LOG.debug( "Addition of an administrative point at {} for the role {}", dn, adminPoint
);
-
-        // Protect the AP caches against concurrent access
-        lockWrite();
-        
-        // Loop on all the added roles to check if they are valid
-        for ( Value<?> role : adminPoint )
+        // If the seqNumber is valid, add it to the entry
+        if ( seqNumber != -1 )
         {
-            checkAddRole( role, adminPoint, dn );
+            entry.add( ApacheSchemaConstants.AP_SEQ_NUMBER_AT, Long.toString( seqNumber )
);
         }
-
-        // Ok, we are golden.
-        next.add( addContext );
-
-        String apUuid = entry.get( ENTRY_UUID_AT ).getString();
-
-        // Now, update the AdminPoint cache
-        createAdministrativePoints( adminPoint, dn, apUuid );
-
-        // Release the APCaches lock
-        unlock();
         
-        LOG.debug( "Added an Administrative Point at {}", dn );
-
-        return;
+        return seqNumber;
     }
+    
+    
+    /**
+     * Tells if an entry is a subEntry. We check that the entry has the SubEntry ObjectClass
+     */
+    private boolean isSubentry( Entry entry )
+    {
+        return entry.hasObjectClass( SchemaConstants.SUBENTRY_OC );
+    }
+    
+    
+    /**
+     * Checks if the given DN is a namingContext
+     */
+    private boolean isNamingContext( DN dn ) throws LdapException
+    {
+        DN namingContext = nexus.findSuffix( dn );
 
+        return dn.equals( namingContext );
+    }
 
+    
     /**
      * We have to check that we can remove the associated AdministrativePoint : <br/>

      * <ul>
@@ -1303,6 +1282,7 @@ public class AdministrativePointIntercep
      */
     public void delete( NextInterceptor next, DeleteOperationContext deleteContext ) throws
LdapException
     {
+System.out.println( "addContext : " + deleteContext );
         Entry entry = deleteContext.getEntry();
         DN dn = entry.getDn();
 
@@ -1364,6 +1344,7 @@ public class AdministrativePointIntercep
      */
     public void modify( NextInterceptor next, ModifyOperationContext modifyContext ) throws
LdapException
     {
+System.out.println( "addContext : " + modifyContext );
         // We have to check that the modification is acceptable
         List<Modification> modifications = modifyContext.getModItems();
         DN dn = modifyContext.getDn();
@@ -1388,6 +1369,10 @@ public class AdministrativePointIntercep
         DnNode<AdministrativePoint> teapCacheCopy = directoryService.getTriggerExecutionAPCache().clone();
         DnNode<AdministrativePoint> ssapCacheCopy = directoryService.getSubschemaAPCache().clone();
         
+        long seqNumber = -1;
+        boolean isAdmin = modifyContext.getSession().getAuthenticatedPrincipal().getName().equals(
+            ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED );
+
         // Loop on the modification to select the AdministrativeRole and process it :
         // we will create a new AT containing all the roles after having applied the modifications
         // on it
@@ -1398,6 +1383,12 @@ public class AdministrativePointIntercep
             // Skip all the attributes but AdministrativeRole
             if ( attribute.getAttributeType() == ADMINISTRATIVE_ROLE_AT )
             {
+                if ( seqNumber == -1 )
+                {
+                    // We have to add the SeqNumber in this entry
+                    seqNumber = addAPSeqNumber( isAdmin, ( modifyContext.getEntry() ).getOriginalEntry()
);
+                }
+                
                 // Ok, we have a modification impacting the administrative role
                 // Apply it to a virtual AdministrativeRole attribute
                 switch ( modification.getOperation() )
@@ -1411,7 +1402,7 @@ public class AdministrativePointIntercep
 
                         for ( Value<?> role : attribute )
                         {
-                            addRole( role.getString(), dn, uuid, acapCacheCopy, caapCacheCopy,
teapCacheCopy, ssapCacheCopy );
+                            addRole( role.getString(), dn, uuid, acapCacheCopy, caapCacheCopy,
teapCacheCopy, ssapCacheCopy, seqNumber );
 
                             // Add the role to the modified attribute
                             modifiedAdminRole.add( role );



Mime
View raw message