20 package org.apache.directory.server.core.authz.support;
21
22
23 import java.util.ArrayList;
24 import java.util.Collection;
25
26 import org.apache.directory.api.ldap.aci.ACITuple;
27 import org.apache.directory.api.ldap.aci.ProtectedItem;
28 import org.apache.directory.api.ldap.aci.protectedItem.AllAttributeValuesItem;
29 import org.apache.directory.api.ldap.aci.protectedItem.AttributeTypeItem;
30 import org.apache.directory.api.ldap.aci.protectedItem.AttributeValueItem;
31 import org.apache.directory.api.ldap.aci.protectedItem.RangeOfValuesItem;
32 import org.apache.directory.api.ldap.aci.protectedItem.SelfValueItem;
33 import org.apache.directory.api.ldap.model.entry.Entry;
34 import org.apache.directory.api.ldap.model.exception.LdapException;
35
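/**
 * An {@link ACITupleFilter} that narrows a set of ACI tuples down to those whose
 * protected items are the most specific ones present.
 * <p>
 * Selection is done in two tiers:
 * <ol>
 *   <li>tuples holding at least one {@link AttributeTypeItem},
 *       {@link AllAttributeValuesItem}, {@link SelfValueItem} or
 *       {@link AttributeValueItem};</li>
 *   <li>if the first tier is empty, tuples holding at least one
 *       {@link RangeOfValuesItem}.</li>
 * </ol>
 * When neither tier matches, the tuple set is returned unchanged.
 * <p>
 * NOTE(review): this looks like the "most specific protected item" step of the
 * X.501 access control decision function; confirm the tier ordering against the
 * specification before changing it, because the tuples kept here are the ones a
 * later grant/deny decision is based on.
 */
public class MostSpecificProtectedItemFilter implements ACITupleFilter
{
    /**
     * Keeps only the tuples carrying the most specific protected items.
     * <p>
     * The filter only ever narrows the tuple set, it never adds a tuple. When it
     * has nothing to narrow (zero or one tuple, or no tuple in either tier) it
     * returns the collection obtained from {@code aciContext.getAciTuples()}
     * itself rather than a copy, so callers should not assume they own the
     * returned collection.
     *
     * @param aciContext the context supplying the candidate ACI tuples
     * @param scope the operation scope; not consulted by this filter
     * @param userEntry the entry of the requesting user; not consulted by this filter
     * @return the tuples of the first non-empty tier, each tuple at most once, or
     *         the context's own tuple collection when no tier matches
     * @throws LdapException declared by the overridden method; this implementation
     *         does not throw it explicitly
     */
    @Override
    public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
        throws LdapException
    {
        Collection<ACITuple> tuples = aciContext.getAciTuples();

        // Nothing to choose between: zero or one tuple is already "most specific".
        if ( tuples.size() <= 1 )
        {
            return tuples;
        }

        Collection<ACITuple> filteredTuples = new ArrayList<>();

        // Tier 1: tuples that name an attribute type or attribute value explicitly.
        for ( ACITuple tuple : tuples )
        {
            for ( ProtectedItem item : tuple.getProtectedItems() )
            {
                if ( item instanceof AttributeTypeItem || item instanceof AllAttributeValuesItem
                    || item instanceof SelfValueItem || item instanceof AttributeValueItem )
                {
                    filteredTuples.add( tuple );
                    // One matching item is enough; stop so the tuple is added only once.
                    break;
                }
            }
        }

        if ( !filteredTuples.isEmpty() )
        {
            return filteredTuples;
        }

        // Tier 2: only reached when tier 1 selected nothing, so filteredTuples is
        // still empty here. Keep the tuples that specify a range of values.
        for ( ACITuple tuple : tuples )
        {
            for ( ProtectedItem item : tuple.getProtectedItems() )
            {
                if ( item instanceof RangeOfValuesItem )
                {
                    filteredTuples.add( tuple );
                    // Without this break a tuple with several RangeOfValuesItem entries
                    // was added once per entry, handing duplicate tuples to whatever
                    // processes the result next. Tier 1 already stops at the first match.
                    break;
                }
            }
        }

        if ( !filteredTuples.isEmpty() )
        {
            return filteredTuples;
        }

        // No tuple is more specific than the others: leave the set untouched.
        return tuples;
    }
}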