Class AciEffectiveRights
java.lang.Object
  org.opends.server.authorization.dseecompat.AciEffectiveRights
public final class AciEffectiveRights extends Object
This class implements the dseecompat geteffectiverights evaluation.
Method Summary
Modifier and Type, Method, Description
static void addRightsToEntry(AciHandler handler, Set<String> searchAttributes, org.opends.server.authorization.dseecompat.AciLDAPOperationContainer container, Entry e, boolean skipCheck, Schema schema)
Attempts to add the geteffectiverights asked for in the search to the entry being returned.
static String createSummary(AciEvalContext evalCtx, boolean evalRet)
Create the summary string used in the aclRightsInfo log string.
static void finalizeOnShutdown()
Finalizes static variables on shutdown so that we release the memory associated with them (for the unit tests) and get fresh copies if we're doing an in-core restart.
static boolean setTargAttrAci(AciEvalContext evalCtx, Aci aci, boolean denyAci)
If the specified ACI is in the targattrfilters hashtable contained in the evaluation context, set the evaluation context's targattrfilters match variable to either ACL_TARGATTR_DENY_MATCH or ACL_TARGATTR_ALLOW_MATCH depending on the value of the variable denyAci.
Method Detail
addRightsToEntry
public static void addRightsToEntry(AciHandler handler, Set<String> searchAttributes, org.opends.server.authorization.dseecompat.AciLDAPOperationContainer container, Entry e, boolean skipCheck, Schema schema)
Attempts to add the geteffectiverights asked for in the search to the entry being returned. The two geteffectiverights attributes that can be requested are aclRights and aclRightsInfo. The aclRightsInfo attribute returns a human-readable summary string for each requested evaluation result. Here is a sample aclRightsInfo summary:
acl_summary(main): access_not_allowed(proxy) on entry/attr(uid=proxieduser,ou=acis,dc=example,dc=com, NULL) to (uid=superuser,ou=acis,dc=example,dc=com) (not proxied) (reason: no acis matched the resource )
add:0,delete:0,read:1,write:?,proxy:0
There are two levels of rights information:
- entryLevel - entry level rights information
- attributeLevel - attribute level rights information
aclRights;entryLevel - aclRights entry level presentation
aclRightsInfo;log;entryLevel;{right} - aclRightsInfo entry level presentation for each type of right (proxy, read, write, add, delete).
aclRights;attributeLevel;{attributeType name} - aclRights attribute level presentation for each attribute type requested.
aclRights;attributeLevel;logs;{right};{attributeType name} - aclRightsInfo attribute level presentation for each attribute type requested.
Parameters:
handler - The ACI handler to use in the evaluation.
searchAttributes - The attributes requested in the search.
container - The LDAP operation container to use in the evaluations.
e - The entry to add the rights attributes to.
skipCheck - True if ACI evaluation was skipped because bypass-acl privilege was found.
schema - The schema to use
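The following client-side sketch is an added example, not code from this class or its project: it parses the aclRights;entryLevel and aclRights;attributeLevel;{attributeType name} attributes named above and lists every right that is not an outright denial, which is the usual first pass when auditing what a bind identity can do. The class AclRightsAudit and its methods are hypothetical names; the code assumes the add:0,... line above is an aclRights value and that 0 means denied while any other flag (1 or ?) must be reviewed. The userPassword value is constructed.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public final class AclRightsAudit {
  /** Parses "add:0,delete:0,read:1,write:?,proxy:0" into right -> flag; rejects any other shape. */
  static Map<String, Character> parseValue(String value) {
    Map<String, Character> rights = new LinkedHashMap<>();
    for (String raw : value.split(",")) {
      String pair = raw.trim();
      int colon = pair.indexOf(':');
      // Exactly one flag character must follow the colon, and it must be 0, 1 or ?.
      if (colon < 1 || colon != pair.length() - 2 || "01?".indexOf(pair.charAt(colon + 1)) < 0) {
        throw new IllegalArgumentException("malformed right: " + raw);
      }
      if (rights.put(pair.substring(0, colon), pair.charAt(colon + 1)) != null) {
        throw new IllegalArgumentException("duplicate right: " + raw);
      }
    }
    return rights;
  }

  /** Returns "(entry)" or the attribute type name carried in the attribute description options. */
  static String parseScope(String description) {
    String[] opt = description.split(";");
    boolean acl = opt.length >= 2 && opt[0].equalsIgnoreCase("aclRights");
    if (acl && opt.length == 2 && opt[1].equalsIgnoreCase("entryLevel")) return "(entry)";
    if (acl && opt.length == 3 && opt[1].equalsIgnoreCase("attributeLevel")) return opt[2];
    throw new IllegalArgumentException("not an aclRights description: " + description);
  }

  /** Lists rights whose flag is not '0' (assumption: 0 = denied); '?' stays visible, never rounded down. */
  static List<String> notDenied(Map<String, String> returned) {
    List<String> findings = new ArrayList<>();
    for (Map.Entry<String, String> attr : returned.entrySet()) {
      String scope = parseScope(attr.getKey());
      parseValue(attr.getValue()).forEach((right, flag) -> {
        if (flag != '0') findings.add(scope + " " + right + "=" + flag);
      });
    }
    return findings;
  }

  public static void main(String[] args) {
    Map<String, String> returned = new LinkedHashMap<>(); // constructed sample, not server output
    returned.put("aclRights;entryLevel", "add:0,delete:0,read:1,write:?,proxy:0");
    returned.put("aclRights;attributeLevel;userPassword", "read:0,write:1,proxy:0");
    notDenied(returned).forEach(System.out::println);
  }
}
```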
createSummary
public static String createSummary(AciEvalContext evalCtx, boolean evalRet)
Create the summary string used in the aclRightsInfo log string.
Parameters:
evalCtx - The evaluation context to gather information from.
evalRet - The value returned from the access evaluation.
Returns:
A summary of the ACI evaluation
setTargAttrAci
public static boolean setTargAttrAci(AciEvalContext evalCtx, Aci aci, boolean denyAci)
If the specified ACI is in the targattrfilters hashtable contained in the evaluation context, set the evaluation context's targattrfilters match variable to either ACL_TARGATTR_DENY_MATCH or ACL_TARGATTR_ALLOW_MATCH depending on the value of the variable denyAci.
Parameters:
evalCtx - The evaluation context to evaluate and save information to.
aci - The ACI to match.
denyAci - True if the evaluation was an allow, false if the evaluation was a deny or the ACI is not in the table.
Returns:
True if the ACI was found in the hashtable.
finalizeOnShutdown
public static void finalizeOnShutdown()
Finalizes static variables on shutdown so that we release the memory associated with them (for the unit tests) and get fresh copies if we're doing an in-core restart.