001    /*
002     *  Licensed to the Apache Software Foundation (ASF) under one
003     *  or more contributor license agreements.  See the NOTICE file
004     *  distributed with this work for additional information
005     *  regarding copyright ownership.  The ASF licenses this file
006     *  to you under the Apache License, Version 2.0 (the
007     *  "License"); you may not use this file except in compliance
008     *  with the License.  You may obtain a copy of the License at
009     *  
010     *    http://www.apache.org/licenses/LICENSE-2.0
011     *  
012     *  Unless required by applicable law or agreed to in writing,
013     *  software distributed under the License is distributed on an
014     *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     *  KIND, either express or implied.  See the License for the
016     *  specific language governing permissions and limitations
017     *  under the License. 
018     *  
019     */
020    package org.apache.directory.server.core.authz.support;
021    
022    
023    import java.util.Collection;
024    import java.util.Iterator;
025    
026    import javax.naming.NamingException;
027    
028    import org.apache.directory.server.core.interceptor.context.OperationContext;
029    import org.apache.directory.shared.ldap.aci.ACITuple;
030    import org.apache.directory.shared.ldap.aci.MicroOperation;
031    import org.apache.directory.shared.ldap.constants.AuthenticationLevel;
032    import org.apache.directory.shared.ldap.entry.ServerEntry;
033    import org.apache.directory.shared.ldap.entry.Value;
034    import org.apache.directory.shared.ldap.name.DN;
035    import org.apache.directory.shared.ldap.schema.SchemaManager;
036    
037    
038    /**
039     * An {@link ACITupleFilter} that discard tuples which doesn't contain any
040     * related {@link MicroOperation}s. (18.8.3.4, X.501) 
041     *
042     * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
043     * @version $Rev: 927146 $, $Date: 2010-03-24 19:39:54 +0100 (Wed, 24 Mar 2010) $
044     *
045     */
046    public class MicroOperationFilter implements ACITupleFilter
047    {
048        public Collection<ACITuple> filter( 
049                SchemaManager schemaManager, 
050                Collection<ACITuple> tuples, 
051                OperationScope scope, 
052                OperationContext opContext,
053                Collection<DN> userGroupNames, 
054                DN userName, 
055                ServerEntry userEntry, 
056                AuthenticationLevel authenticationLevel,
057                DN entryName, 
058                String attrId, 
059                Value<?> attrValue, 
060                ServerEntry entry, 
061                Collection<MicroOperation> microOperations,
062                ServerEntry entryView )
063            throws NamingException
064        {
065            if ( tuples.size() == 0 )
066            {
067                return tuples;
068            }
069    
070            for ( Iterator<ACITuple> i = tuples.iterator(); i.hasNext(); )
071            {
072                ACITuple tuple = i.next();
073    
074                /*
075                 * The ACITuple must contain all the MicroOperations specified within the
076                 * microOperations argument.  Just matching a single microOperation is not
077                 * enough.  All must be matched to retain the ACITuple.
078                 */
079    
080                boolean retain = true;
081                
082                for ( MicroOperation microOp:microOperations )
083                {
084                    if ( !tuple.getMicroOperations().contains( microOp ) )
085                    {
086                        retain = false;
087                        break;
088                    }
089                }
090    
091                if ( !retain )
092                {
093                    i.remove();
094                }
095            }
096    
097            return tuples;
098        }
099    
100    }