Subject: svn commit: r1420989 - in /directory/apacheds/trunk: interceptors/authz/src/main/java/org/apache/directory/server/core/authz/ interceptors/operational/src/main/java/org/apache/directory/server/core/operational/ interceptors/schema/src/main/java/org/apa...
Date: Wed, 12 Dec 2012 21:37:45 -0000
To: commits@directory.apache.org
From: elecharny@apache.org

Author: elecharny
Date: Wed Dec 12 21:37:44 2012
New Revision: 1420989

URL: http://svn.apache.org/viewvc?rev=1420989&view=rev
Log:
o Moved the attribute filtering from the AbstractBTreePartition class to SchemaInterceptor
o Fixed a huge issue that was introduced 7 years ago: when we were going through the ACI interceptor and doing a lookup, with a standard user (not admin), then we were fetching the entry directly from the backend, instead of going through the whole chain
o Removed some filtering done in the OperationalAttributeInterceptor while processing the Lookup Operation

Modified:
    directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java
    directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java
    directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java
    directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java

Modified: directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java?rev=1420989&r1=1420988&r2=1420989&view=diff ============================================================================== --- directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java (original) +++ 
directory/apacheds/trunk/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/AciAuthorizationInterceptor.java Wed Dec 12 21:37:44 2012 @@ -805,6 +805,8 @@ public class AciAuthorizationInterceptor { CoreSession session = lookupContext.getSession(); + Entry entry = next( lookupContext ); + LdapPrincipal principal = session.getEffectivePrincipal(); Dn principalDn = principal.getDn(); @@ -813,11 +815,9 @@ public class AciAuthorizationInterceptor // Bypass this interceptor if we disabled the AC subsystem or if the principal is the admin if ( isPrincipalAnAdministrator( principalDn ) || !directoryService.isAccessControlEnabled() ) { - return next( lookupContext ); + return entry; } - Entry entry = directoryService.getPartitionNexus().lookup( lookupContext ); - checkLookupAccess( lookupContext, entry ); return entry; Modified: directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java?rev=1420989&r1=1420988&r2=1420989&view=diff ============================================================================== --- directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java (original) +++ directory/apacheds/trunk/interceptors/operational/src/main/java/org/apache/directory/server/core/operational/OperationalAttributeInterceptor.java Wed Dec 12 21:37:44 2012 
@@ -299,45 +299,6 @@ public class OperationalAttributeInterce { Entry result = next( lookupContext ); - if ( lookupContext.isAllUserAttributes() ) - { - if ( lookupContext.isAllOperationalAttributes() ) - { - // The user has requested '+' and '*', return everything. - return result; - } - else - { - filter( lookupContext, result ); - } - } - else - { - if ( lookupContext.isAllOperationalAttributes() ) - { - // Select the user attrinbutes from the result, depending on the returning attributes list - filterUserAttributes( lookupContext, result ); - } - else if ( ( lookupContext.getReturningAttributes() == null ) || ( lookupContext.getReturningAttributes().size() == 0 ) ) - { - // No returning attributes, return all the user attributes - // unless the user has requested no attributes - if ( lookupContext.isNoAttributes() ) - { - result.clear(); - } - else - { - filterOperationalAttributes( result ); - } - } - else - { - // Deal with the returning attributes - filterList( lookupContext, result ); - } - } - denormalizeEntryOpAttrs( result ); return result; Modified: directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java?rev=1420989&r1=1420988&r2=1420989&view=diff ============================================================================== --- directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java (original) +++ directory/apacheds/trunk/interceptors/schema/src/main/java/org/apache/directory/server/core/schema/SchemaInterceptor.java Wed Dec 12 21:37:44 2012 
@@ -33,6 +33,7 @@ import org.apache.directory.server.core. import org.apache.directory.server.core.api.DirectoryService; import org.apache.directory.server.core.api.InterceptorEnum; import org.apache.directory.server.core.api.entry.ClonedServerEntry; +import org.apache.directory.server.core.api.entry.ServerEntryUtils; import org.apache.directory.server.core.api.filtering.BaseEntryFilteringCursor; import org.apache.directory.server.core.api.filtering.EntryFilter; import org.apache.directory.server.core.api.filtering.EntryFilteringCursor; @@ -1242,6 +1243,8 @@ public class SchemaInterceptor extends B public Entry lookup( LookupOperationContext lookupContext ) throws LdapException { Entry result = next( lookupContext ); + + ServerEntryUtils.filterContents( result, lookupContext ); filterBinaryAttributes( result ); Modified: directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java URL: http://svn.apache.org/viewvc/directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java?rev=1420989&r1=1420988&r2=1420989&view=diff ============================================================================== --- directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java (original) +++ directory/apacheds/trunk/xdbm-partition/src/main/java/org/apache/directory/server/core/partition/impl/btree/AbstractBTreePartition.java Wed Dec 12 21:37:44 2012 @@ -1092,8 +1092,6 @@ public abstract class AbstractBTreeParti } Entry entry = lookup( id, lookupContext.getDn() ); - - ServerEntryUtils.filterContents( entry, lookupContext ); return entry; }
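Review bot: in AciAuthorizationInterceptor, hunk at -805, `Entry entry = next( lookupContext );` now runs before the principal is resolved and before `checkLookupAccess( lookupContext, entry )`, so the rest of the chain does its full work for a caller who may then be refused. That ordering looks intentional, since the check needs the entry, but nothing in the method says so. Add a short comment stating that the entry is fetched first on purpose and must not be returned or otherwise used until `checkLookupAccess` has passed.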
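Review bot: in AciAuthorizationInterceptor, hunk at -813, replacing `directoryService.getPartitionNexus().lookup( lookupContext )` with the entry obtained from `next( lookupContext )` changes what a non-admin lookup returns when access control is enabled, yet the Modified list of this commit contains no test file. Add a regression test that performs a lookup as a standard user with access control enabled and asserts that the result matches what the rest of the chain produces (same returned attributes as the admin path for an entry both may read), so the bypass described in the log cannot come back unnoticed.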
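Review bot: in OperationalAttributeInterceptor, hunk at -299, the removed branch was the only code in this lookup method that handled `lookupContext.isNoAttributes()` (via `result.clear()`) and the '+' / '*' combinations. The commit relies on `ServerEntryUtils.filterContents( result, lookupContext )` in SchemaInterceptor to cover all of them, but that method is not part of this diff. Confirm it handles each removed case (no attributes, '+' only, '*' only, explicit returning list), and check whether `filter`, `filterUserAttributes`, `filterOperationalAttributes` and `filterList` still have callers in this class; remove them if they do not.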
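Review bot: in SchemaInterceptor, hunk at -1242, the added `ServerEntryUtils.filterContents( result, lookupContext );` is the only one of the three filtering sites touched by this commit that remains, and the method carries no comment saying that lookup filtering now lives here. Add a comment or Javadoc line stating that this interceptor applies the returning-attributes list for lookups, and note whether it has to run before `filterBinaryAttributes( result )`, so a later reordering or removal does not silently return unfiltered entries.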
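Review bot: in AbstractBTreePartition, hunk at -1092, dropping `ServerEntryUtils.filterContents( entry, lookupContext );` means the partition lookup no longer applies the requested attribute list, so any code that calls the partition or nexus lookup directly, as the removed `directoryService.getPartitionNexus().lookup( lookupContext )` in AciAuthorizationInterceptor did, now receives every stored attribute. Audit the remaining direct callers, and check whether the ServerEntryUtils import is still used in this file. The two lines left behind can also be collapsed to `return lookup( id, lookupContext.getDn() );`.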