/**
* Perform all needed RDN checks for the modifyDN operation. The old RDN is not equal to the new
* RDN. The access checks are: - Verify WRITE access to the original entry. - Verfiy WRITE_ADD
* access on each RDN component of the new RDN. The WRITE_ADD access is used because this access
* could be restricted by the targattrfilters keyword. - If the deleteOLDRDN flag is set, verify
* WRITE_DELETE access on the old RDN. The WRITE_DELETE access is used because this access could
* be restricted by the targattrfilters keyword.
*
* @param operation The ModifyDN operation class containing information to check access on.
* @param oldRDN The old RDN component.
* @param newRDN The new RDN component.
* @return True if access is allowed.
*/
private boolean aciCheckRDNs(LocalBackendModifyDNOperation operation, RDN oldRDN, RDN newRDN) {
boolean ret;
AciLDAPOperationContainer operationContainer =
new AciLDAPOperationContainer(operation, (ACI_WRITE), operation.getOriginalEntry());
ret = accessAllowed(operationContainer);
if (ret) {
ret = checkRDN(ACI_WRITE_ADD, newRDN, operationContainer);
}
if (ret && operation.deleteOldRDN()) {
ret = checkRDN(ACI_WRITE_DELETE, oldRDN, operationContainer);
}
return ret;
}
