223    * @param container  The LDAP operation container to use in the evaluations.
230       AciLDAPOperationContainer container, final Entry e,
286         || (!skipCheck && !rightsAccessAllowed(container, handler, attrMask)))
292     // the container will be manipulated. First set the flag that
295     container.setGetEffectiveRightsEval();
296     container.useAuthzid(true);
303       addAttributeLevelRights(container, handler, attrMask, e, nonRightsAttrs,
306     addAttributeLevelRights(container, handler, attrMask, e, container
308     addEntryLevelRights(container, handler, attrMask, e, skipCheck);
328    * @param container
329    *          The LDAP operation container to use in the evaluations.
347       AciLDAPOperationContainer container, AciHandler handler, int mask,
358       container.setCurrentAttributeType(a);
359       container.setCurrentAttributeValue(null);
361       container.setRights(ACI_SEARCH | ACI_SKIP_PROXY_CHECK);
362       evalInfo.append(rightsString(container, handler, skipCheck, "search"));
363       addAttrLevelRightsInfo(container, mask, a, retEntry, "search");
366       container.setRights(ACI_READ | ACI_SKIP_PROXY_CHECK);
367       evalInfo.append(rightsString(container, handler, skipCheck, "read"));
368       addAttrLevelRightsInfo(container, mask, a, retEntry, "read");
371       container.setRights(ACI_COMPARE | ACI_SKIP_PROXY_CHECK);
372       evalInfo.append(rightsString(container, handler, skipCheck, "compare"));
373       addAttrLevelRightsInfo(container, mask, a, retEntry, "compare");
379       container.setCurrentAttributeValue(val);
380       evalInfo.append(attributeLevelWriteRights(container, handler, skipCheck));
381       addAttrLevelRightsInfo(container, mask, a, retEntry, "write");
384       ByteString val1 = ByteString.valueOfUtf8(container.getClientDN().toString());
387         container.setCurrentAttributeType(dnAttributeType);
389       container.setCurrentAttributeValue(val1);
390       container.setRights(ACI_WRITE_ADD | ACI_SKIP_PROXY_CHECK);
391       evalInfo.append(rightsString(container, handler, skipCheck,
393       addAttrLevelRightsInfo(container, mask, a, retEntry, "selfwrite_add");
395       container.setRights(ACI_WRITE_DELETE | ACI_SKIP_PROXY_CHECK);
396       evalInfo.append(rightsString(container, handler, skipCheck,
398       addAttrLevelRightsInfo(container, mask, a, retEntry, "selfwrite_delete");
400       container.setCurrentAttributeType(a);
401       container.setCurrentAttributeValue(null);
402                 container.setRights(ACI_PROXY | ACI_SKIP_PROXY_CHECK);
403       evalInfo.append(rightsString(container, handler, skipCheck, "proxy"));
404       addAttrLevelRightsInfo(container, mask, a, retEntry, "proxy");
420     container.setCurrentAttributeValue(null);
421     container.setCurrentAttributeType(null);
437    * @param container
438    *          The LDAP operation container to use in the evaluations.
447       AciLDAPOperationContainer container, AciHandler handler,
455     if(skipCheck && container.isAuthzidAuthorizationDN()) {
457       container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
458       container.setEvalSummary(createSummary(container, true));
461       container.resetEffectiveRightsParams();
463       container.setTargAttrFiltersAciName(null);
464       container.setRights(ACI_WRITE_ADD | ACI_SKIP_PROXY_CHECK);
465       final boolean addRet = handler.accessAllowed(container)
466               && container.getTargAttrFiltersAciName() == null;
467       container.setRights(ACI_WRITE_DELETE | ACI_SKIP_PROXY_CHECK);
468       final boolean delRet = handler.accessAllowed(container)
469               && container.getTargAttrFiltersAciName() == null;
479         if(container.getTargAttrFiltersAciName() != null) {
496    * @param container
497    *          The LDAP operation container to use in the evaluations.
509   private static void addEntryLevelRights(AciLDAPOperationContainer container,
515     container.setCurrentAttributeType(null);
516     container.setRights(ACI_ADD | ACI_SKIP_PROXY_CHECK);
517     evalInfo.append(rightsString(container, handler, skipCheck, "add"));
518     addEntryLevelRightsInfo(container, mask, retEntry, "add");
520     container.setCurrentAttributeType(null);
521     container.setRights(ACI_DELETE | ACI_SKIP_PROXY_CHECK);
522     evalInfo.append(rightsString(container, handler, skipCheck, "delete"));
523     addEntryLevelRightsInfo(container, mask, retEntry, "delete");
527     container.setCurrentAttributeType(null);
528     container.setRights(ACI_READ | ACI_SKIP_PROXY_CHECK);
529     evalInfo.append(rightsString(container, handler, skipCheck, "read"));
530     addEntryLevelRightsInfo(container, mask, retEntry, "read");
533     container.setCurrentAttributeType(null);
534     container.setRights(ACI_WRITE| ACI_SKIP_PROXY_CHECK);
535     evalInfo.append(rightsString(container, handler, skipCheck, "write"));
536     addEntryLevelRightsInfo(container, mask, retEntry, "write");
538     container.setCurrentAttributeType(null);
539     container.setRights(ACI_PROXY| ACI_SKIP_PROXY_CHECK);
540     evalInfo.append(rightsString(container, handler, skipCheck, "proxy"));
541     addEntryLevelRightsInfo(container, mask, retEntry, "proxy");
551    * with no current attribute type set in the container. For that case the
554    * @param container The LDAP operation container to use in the evaluations.
563   String rightsString(AciLDAPOperationContainer container,
567     container.resetEffectiveRightsParams();
572     if(skipCheck && container.isAuthzidAuthorizationDN()) {
574       container.setEvaluationResult(EnumEvalReason.SKIP_ACI, null);
575       container.setEvalSummary(createSummary(container, true));
579       if(container.hasRights(ACI_READ) &&
580          container.getCurrentAttributeType() == null)
582         ret=handler.accessAllowedEntry(container);
586         ret=handler.accessAllowed(container);
599    * @param container The LDAP operation container to use in the evaluations.
607   boolean rightsAccessAllowed(AciLDAPOperationContainer container,
611         container.setCurrentAttributeType(aclRights);
612         container.setRights(ACI_READ | ACI_SKIP_PROXY_CHECK);
613         retRight=handler.accessAllowed(container);
616         container.setCurrentAttributeType(aclRightsInfo);
617         container.setRights(ACI_READ | ACI_SKIP_PROXY_CHECK);
618         retInfo=handler.accessAllowed(container);
628    * @param container  The LDAP operation container to use in the evaluations.
636   void addAttrLevelRightsInfo(AciLDAPOperationContainer container, int mask,
647       Attribute attr = Attributes.create(attributeType, container.getEvalSummary());
661    * @param container   The LDAP operation container to use in the evaluations.
668    void addEntryLevelRightsInfo(AciLDAPOperationContainer container, int mask,
675       Attribute attr = Attributes.create(typeStr, container.getEvalSummary());

Indexes created Tue Jul 24 14:28:13 CEST 2018