/** * Checks access on a modifyDN operation. * * @param operation The modifyDN operation to check access on. * @return True if access is allowed. */ @Override public boolean isAllowed(LocalBackendModifyDNOperation operation) { boolean ret = true; DN newSuperiorDN; RDN oldRDN = operation.getOriginalEntry().getDN().getRDN(); RDN newRDN = operation.getNewRDN(); if (!skipAccessCheck(operation)) { // If this is a modifyDN move to a new superior, then check if the // superior DN has import accesss. if ((newSuperiorDN = operation.getNewSuperior()) != null) { try { ret = aciCheckSuperiorEntry(newSuperiorDN, operation); } catch (DirectoryException ex) { ret = false; } } // Perform the RDN access checks. if (ret) { ret = aciCheckRDNs(operation, oldRDN, newRDN); } // If this is a modifyDN move to a new superior, then check if the // original entry DN has export access. if (ret && (newSuperiorDN != null)) { AciLDAPOperationContainer operationContainer = new AciLDAPOperationContainer(operation, (ACI_EXPORT), operation.getOriginalEntry()); // The RDNs are not equal, skip the proxy check since it was // already performed in the aciCheckRDNs call above. boolean rdnEquals = oldRDN.equals(newRDN); if (!rdnEquals) { operationContainer.setSeenEntry(true); } ret = accessAllowed(operationContainer); } } return ret; }