001/*
002 *  Licensed to the Apache Software Foundation (ASF) under one
003 *  or more contributor license agreements.  See the NOTICE file
004 *  distributed with this work for additional information
005 *  regarding copyright ownership.  The ASF licenses this file
006 *  to you under the Apache License, Version 2.0 (the
007 *  "License"); you may not use this file except in compliance
008 *  with the License.  You may obtain a copy of the License at
009 *  
010 *    http://www.apache.org/licenses/LICENSE-2.0
011 *  
012 *  Unless required by applicable law or agreed to in writing,
013 *  software distributed under the License is distributed on an
014 *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 *  KIND, either express or implied.  See the License for the
016 *  specific language governing permissions and limitations
017 *  under the License. 
018 *  
019 */
020package org.apache.directory.server.core.authz.support;
021
022
023import java.util.Collection;
024import java.util.Iterator;
025
026import org.apache.directory.api.ldap.aci.ACITuple;
027import org.apache.directory.api.ldap.aci.ProtectedItem;
028import org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountElem;
029import org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountItem;
030import org.apache.directory.api.ldap.model.entry.Attribute;
031import org.apache.directory.api.ldap.model.entry.Entry;
032import org.apache.directory.api.ldap.model.exception.LdapException;
033import org.apache.directory.api.ldap.model.schema.AttributeType;
034
035
036/**
037 * An {@link ACITupleFilter} that discards all tuples that doesn't satisfy
038 * {@link org.apache.directory.api.ldap.aci.protectedItem.MaxValueCountItem} constraint if available. (18.8.3.3, X.501)
039 *
040 * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
041 */
042public class MaxValueCountFilter implements ACITupleFilter
043{
044    /**
045     * {@inheritDoc}
046     */
047    @Override
048    public Collection<ACITuple> filter( AciContext aciContext, OperationScope scope, Entry userEntry )
049        throws LdapException
050    {
051        if ( scope != OperationScope.ATTRIBUTE_TYPE_AND_VALUE )
052        {
053            return aciContext.getAciTuples();
054        }
055
056        if ( aciContext.getAciTuples().isEmpty() )
057        {
058            return aciContext.getAciTuples();
059        }
060
061        for ( Iterator<ACITuple> i = aciContext.getAciTuples().iterator(); i.hasNext(); )
062        {
063            ACITuple tuple = i.next();
064
065            if ( !tuple.isGrant() )
066            {
067                continue;
068            }
069
070            for ( Iterator<ProtectedItem> j = tuple.getProtectedItems().iterator(); j.hasNext(); )
071            {
072                ProtectedItem item = j.next();
073
074                if ( item instanceof MaxValueCountItem )
075                {
076                    MaxValueCountItem mvc = ( MaxValueCountItem ) item;
077
078                    if ( isRemovable( mvc, aciContext.getAttributeType(), aciContext.getEntryView() ) )
079                    {
080                        i.remove();
081                        break;
082                    }
083                }
084            }
085        }
086
087        return aciContext.getAciTuples();
088    }
089
090
091    private boolean isRemovable( MaxValueCountItem mvc, AttributeType attributeType, Entry entryView )
092    {
093        for ( Iterator<MaxValueCountElem> k = mvc.iterator(); k.hasNext(); )
094        {
095            MaxValueCountElem mvcItem = k.next();
096
097            if ( attributeType.equals( mvcItem.getAttributeType() ) )
098            {
099                Attribute attr = entryView.get( attributeType );
100                int attrCount = attr == null ? 0 : attr.size();
101
102                if ( attrCount > mvcItem.getMaxCount() )
103                {
104                    return true;
105                }
106            }
107        }
108
109        return false;
110    }
111
112}